XSS in Drupal Core

CVE-2024-55635

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

Affected products

Drupal Core — versions 7.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.drupal.org/sa-core-2024-005