Flag Module Project Flag — known CVE vulnerabilities
Every CVE whose affected-product data names Flag Module Project Flag, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2014-3453 — CVSS 6.5 (medium): Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and…
CVE-2025-14556 — CVSS 5.4 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site…