Drupal Wiki vulnerable to XSS via comments, captions, and image titles

CVE-2024-34481

6.1MEDIUM

Key Information

Vendor: Drupal
Status: Drupal Wiki
Vendor: CVE Published:; 5 July 2024

Summary

drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page.

Refferences

https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt

https://drupal-wiki.com/drupal-wiki-update-8-31/

https://seclists.org/fulldisclosure/2024/May/4

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 5, 2024

Collectors

NVD DatabaseMitre Database

.