Cross-site Scripting Vulnerability in Drupal Advanced Content Feedback by Drupal
CVE-2026-13231

Currently unrated

What is CVE-2026-13231?

The vulnerability in Drupal's Advanced Content Feedback module allows attackers to execute malicious scripts in the context of the user's session. This Stored XSS flaw can be triggered by injecting arbitrary JavaScript code, which may compromise user data and affect application integrity. It is imperative for users of the affected versions to apply the necessary updates to mitigate these security risks.

Affected Version(s)

Advanced Content Feedback (aka admin_feedback) 0.0.0 < 2.8.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bill Seremetis (bserem)
Bill Seremetis (bserem)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
.