NextGuard
UNKNOWNCVE-2024-12393

Drupal Core Cross-Site Scripting (XSS)

Platform

drupal

Component

drupal

Fixed in

10.2.11

View on NVD

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

How to fix

Actualice Drupal Core a la última versión disponible. Para las versiones 8.8.x a 10.2.x, actualice a la versión 10.2.11 o superior. Para las versiones 10.3.x, actualice a la versión 10.3.9 o superior. Para las versiones 11.0.x, actualice a la versión 11.0.8 o superior.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free