Drupal Core Vulnerability - XSS (Cross-Site Scripting)

CVE-2024-12393

Currently unrated 🤨

Key Information

Vendor: Drupal
Status: Drupal Core
Vendor: CVE Published:; 10 December 2024

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

Affected Version(s)

Drupal Core < 10.2.11

Drupal Core < 10.3.9

Drupal Core < 11.0.8

Refferences

https://www.drupal.org/sa-core-2024-003

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Jay Beaton

Lee Rowlands

catch

Mingsong

Juraj Nemec

Dave Long

Benji Fisher

Juraj Nemec

Greg Knaddison