CVE-2024-13308

CVE-2024-13308: Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072

Vendor Drupal

Product Browser Back Button

Weakness CWE-79 · XSS

Published January 9, 2025

Last update January 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.

Key dates

02Disclosure timeline

January 9, 2025 CVE published

January 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13308 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-43750 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-1054 UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability CVE-2015-10110 ruddernation TinyChat Room Spy Plugin room-spy.php wp_show_room_spy cross site scripting