CVE-2024-13273

CVE-2024-13273: Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037

Vendor Drupal
Product Open Social
Weakness CWE-79 · XSS
Published January 9, 2025
Last update January 9, 2025

CVSS base score

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 9, 2025 Record updated