Cross-Site Scripting Vulnerability in Drupal Tarte au Citron
CVE-2024-13298

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

An issue has been identified in Drupal's Tarte au Citron, where improper neutralization of user input during web page generation can lead to Cross-Site Scripting (XSS). This vulnerability affects the product versions from 2.0.0 to 2.0.4, allowing attackers to inject malicious scripts into webpages viewed by end users, potentially compromising the security of their web applications.

References

https://www.drupal.org/sa-contrib-2024-064

Timeline

Vulnerability published
Jan 9, 2025