Cross-Site Scripting Vulnerability in Drupal Canvas by Drupal
CVE-2026-58588
Currently unrated
What is CVE-2026-58588?
A Cross-Site Scripting (XSS) vulnerability exists in Drupal Canvas, which could allow attackers to manipulate web content and execute arbitrary scripts in the context of users' browsers. This issue arises from improper neutralization of user input during web page generation. Affected versions range from 0.0.0 up to 1.7.1 across various updates, creating significant security risks for deployed applications. Admins are urged to review their Drupal Canvas installations and apply necessary updates as outlined in the official documentation.
Affected Version(s)
Drupal Canvas 0.0.0 < 1.4.2
Drupal Canvas 1.5.0 < 1.5.2
Drupal Canvas 1.6.0 < 1.6.1
