Cross-Site Scripting Vulnerability in Drupal Browser Back Button
CVE-2024-13308
3.8 LOW
Summary
The Browser Back Button module for Drupal contains a Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. It affects Browser Back Button versions 1.0.0 through 2.0.1 and enables malicious actors to inject arbitrary scripts into web pages viewed by users, potentially leading to compromised user data and session hijacking.
Affected Version(s)
Browser Back Button: >= 1.0.0, < 2.0.2
References
CVSS V3.1
Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
Patrick Fey
Elavarasan R
Ivo Van Geertruyen