CVE-2024-12393

State: PUBLISHED · Published: 2024-12-09 · Updated: 2024-12-11 · Assigner: drupal

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Affected

Drupal / Drupal Core — v=8.8.0 <10.2.11 [affected]; v=10.3.0 <10.3.9 [affected]; v=11.0.0 <11.0.8 [affected]

CVSS

(none)

References

https://www.drupal.org/sa-core-2024-003

Source

cvelistV5-main/cves/2024/12xxx/CVE-2024-12393.json