CVE-2024-55635
Published 2024-12-10
CVE-2024-55635: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This…
Priority P423 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.31% (22.4th percentile)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | drupal | >= 7.0 < 7.102 | 7.102 |
| drupal | drupal_core | — | — |
| drupal | drupal_core | >= 7.0 < 7.102 | 7.102 |
CVSS provenance
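| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | — | 6.1 | MEDIUM | — |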
Drupal
Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
vendor_drupal·2024-11-20
CVE-2024-55635 [HIGH] Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
Vulnerability Type: Cross Site Scripting
Description: Drupal 7 core's Overlay module doesn't safely handle user input, leading to reflected cross-site scripting under certain circumstances. Only sites with the Overlay module enabled are affected by this vulnerability.
Solution: Install the latest version: if you are using Drupal 7, update to Drupal 7.102. Sites may also disable the Overlay module to avoid the issue. Drupal 10 and Drupal 11 are not affected, as the Overlay module was removed from Drupal core in Drupal 8.
OSV
CVE-2024-55635: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (
osv·2024-12-10·CVSS 6.1
CVE-2024-55635 [MEDIUM] CVE-2024-55635: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102.
GHSA
GHSA-3h3p-vm3f-v359: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (
ghsa_unreviewed·2024-12-10
CVE-2024-55635 [MEDIUM] CWE-79 GHSA-3h3p-vm3f-v359: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-12-10