LOW
drupal-pattern-lab
CVE published 2025-10-10
CVE-2025-11570
CVE-2025-11570 describes a cross-site scripting issue in drupal-pattern-lab/unified-twig-extensions stemming from insufficient filtering of data. The issue is described as exploitable only when the shared code runs outside Drupal, which materially narrows practical exposure. The package is also described as unmaintained, and the supplied record points to a fix in drupal/unified_twig_ext 1.1.1.