Cross-Site Scripting Vulnerability in Drupal Quick Edit
CVE-2026-2348
5.4MEDIUM
What is CVE-2026-2348?
A Cross-Site Scripting (XSS) vulnerability exists in the Quick Edit module of Drupal. This issue enables attackers to inject malicious scripts through improperly neutralized input during page generation, potentially compromising the security of users interacting with the affected versions. It is crucial for users and administrators to update to the latest versions to mitigate this risk.
Affected Version(s)
Quick Edit 0.0.0 < 1.0.5
Quick Edit 2.0.0 < 2.0.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Drew Webber (mcdruid)
Derek Wright (dww)
Vladimir Roudakov (vladimiraus)
Greg Knaddison (greggles)
Drew Webber (mcdruid)