Cross-Site Scripting Vulnerability in Drupal Tooltip by Drupal
CVE-2024-13292

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Drupal Tooltip module, which improperly neutralizes user input during web page generation. This allows attackers to inject malicious scripts that execute in the context of the user's browser, potentially compromising user interactions or stealing sensitive information. The vulnerability affects versions of Tooltip from 0.0.0 prior to 1.1.2, highlighting the necessity for users to update to the latest version to mitigate risks.

References

https://www.drupal.org/sa-contrib-2024-058

Timeline

Vulnerability published
Jan 9, 2025