Cross-Site Scripting Vulnerability in Drupal POST File by Drupal
CVE-2024-13294

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the POST File extension for Drupal, allowing attackers to inject malicious scripts into web pages. When the application improperly neutralizes input during the generation of web pages, it leads to potential exploitation. This vulnerability impacts POST File versions prior to 1.0.2, emphasizing the importance of updating to the latest version to safeguard web applications from such attacks.

References

https://www.drupal.org/sa-contrib-2024-060

Timeline

Vulnerability published
Jan 9, 2025