Headline
GHSA-8mvq-8h2v-j9vf: Drupal Core Cross-Site Scripting (XSS)
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-12393
Drupal Core Cross-Site Scripting (XSS)
Moderate severity GitHub Reviewed Published Dec 10, 2024 to the GitHub Advisory Database • Updated Dec 10, 2024
Package
Affected versions
>= 8.8.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
Patched versions
10.2.11
10.3.9
11.0.8
composer drupal/core-recommended (Composer)
>= 8.8.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
>= 8.8.0, < 10.2.11
>= 10.3.0, < 10.3.9
>= 11.0.0, < 11.0.8
Published to the GitHub Advisory Database
Dec 10, 2024
Last updated
Dec 10, 2024