CVE-2024-12393

CVE-2024-12393: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

Vendor Drupal

Product Drupal Core

Weakness CWE-79 · XSS

Published December 9, 2024

Last update December 11, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

Key dates

Disclosure timeline

December 9, 2024 CVE published

December 11, 2024 Record updated

Identifiers

CVE CVE-2024-12393

CWE CWE-79

Affected versions

Vendor Drupal

Product Drupal Core

Affected ≥ 8.8.0 and < 10.2.11

Vendor Drupal

Product Drupal Core

Affected ≥ 10.3.0 and < 10.3.9

Vendor Drupal

Product Drupal Core

Affected ≥ 11.0.0 and < 11.0.8