
Issue #3528281: May 28 2025 Add CWE/CAPEC mappings for SA-CONTRIB-2025-070 through SA-CONTRIB-2025-076

Added CWE-79 and CAPEC-63 mappings for 7 new XSS advisories and updated API limit from 6 to 7.

I used CursorAI to help, in the privacy mode.

User prompts from chat (in chronological order):

  1. 'I'm working on issue #3528281. I need to update the script at scripts/cves/advisory-to-cvejson.php for new security advisories. The advisories are from https://www.drupal.org/sa-contrib-2025-070 to https://www.drupal.org/sa-contrib-2025-076. There are still available CVEs: CVE-2025-48921, CVE-2025-48922, CVE-2025-48923, and CVE-2025-5682. Please provide a plan for updating the script based on the provided links.'

  2. 'Are CWE: 79 (Improper Neutralization of Input During Web Page Generation) CAPEC: 63 (Cross-Site Scripting (XSS)) already frequently mentioned in the script? Are there other matching ids that are more common for us to use?'

  3. 'run a git diff.'

  4. 'the new lines don't follow the pattern of existing lines, make them consistent with the ordering of into and white space.'

  5. 'commit these changes. Look at recent commit messages and follow the format like Issue #1234555555: Short summary Use multiple -m to make nice messages for the additional context. In the commit message, include all of my AI prompts from this chat.'

  6. 'that's a good message, add the initial prompt ... the one that starts "I'm working on issue..."'

  7. 'now, list the prompts in the -m messages in chronological order. (and include this new prompt)'

  8. 'Add a -m note "I used CursorAI to help, in the privacy mode."'

Closes #3528281
