Cross-site Scripting Vulnerability in Drupal Advanced Content Feedback by Drupal
CVE-2026-13231
Currently unrated
Key Information:
- Vendor
Drupal
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-13231?
The vulnerability in Drupal's Advanced Content Feedback module allows attackers to execute malicious scripts in the context of the user's session. This Stored XSS flaw can be triggered by injecting arbitrary JavaScript code, which may compromise user data and affect application integrity. It is imperative for users of the affected versions to apply the necessary updates to mitigate these security risks.
Affected Version(s)
Advanced Content Feedback (aka admin_feedback) 0.0.0 < 2.8.0
