Moderate severityNVD Advisory· Published Dec 9, 2024· Updated Dec 11, 2024
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
CVE-2024-12393
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.8.0, < 10.2.11 | 10.2.11 |
drupal/corePackagist | >= 10.3.0, < 10.3.9 | 10.3.9 |
drupal/corePackagist | >= 11.0.0, < 11.0.8 | 11.0.8 |
drupal/core-recommendedPackagist | >= 8.8.0, < 10.2.11 | 10.2.11 |
drupal/core-recommendedPackagist | >= 10.3.0, < 10.3.9 | 10.3.9 |
drupal/core-recommendedPackagist | >= 11.0.0, < 11.0.8 | 11.0.8 |
drupal/drupalPackagist | >= 8.8.0, < 10.2.11 | 10.2.11 |
drupal/drupalPackagist | >= 10.3.0, < 10.3.9 | 10.3.9 |
drupal/drupalPackagist | >= 11.0.0, < 11.0.8 | 11.0.8 |
Affected products
5- osv-coords4 versionspkg:bitnami/drupalpkg:composer/drupal/corepkg:composer/drupal/core-recommendedpkg:composer/drupal/drupal
>= 8.8.0, < 10.3.9+ 3 more
- (no CPE)range: >= 8.8.0, < 10.3.9
- (no CPE)range: >= 8.8.0, < 10.2.11
- (no CPE)range: >= 8.8.0, < 10.2.11
- (no CPE)range: >= 8.8.0, < 10.2.11
- Range: 8.8.0
Patches
Vulnerability mechanics
References
4News mentions
1- Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003Drupal Security Advisories · Nov 20, 2024