Cross-Site Scripting Vulnerability in Drupal Canvas
CVE-2026-58587
Currently unrated
What is CVE-2026-58587?
Drupal Canvas contains a Cross-Site Scripting (XSS) vulnerability that results from improper handling of user input during web page generation. This flaw potentially allows attackers to inject malicious scripts into web pages viewed by users, leading to unauthorized actions or data exposure. Affected versions include any from 0.0.0 up to 1.7.1, compelling users and administrators to update to secure releases promptly to mitigate risks.
Affected Version(s)
Drupal Canvas 0.0.0 < 1.4.2
Drupal Canvas 1.5.0 < 1.5.2
Drupal Canvas 1.6.0 < 1.6.1
