Cross-Site Scripting Vulnerability in Drupal Entity Form Steps
CVE-2024-13305

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

An issue has been identified in the Drupal Entity Form Steps module, which allows for improper neutralization of input during web page generation, leading to a Cross-Site Scripting (XSS) vulnerability. This flaw enables attackers to inject malicious scripts, which may then be executed in the context of the user's browser when the page is rendered. Effective mitigation necessitates updating to version 1.1.4 or higher to ensure the security of applications utilizing this module.

References

https://www.drupal.org/sa-contrib-2024-071

Timeline

Vulnerability published
Jan 9, 2025