Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.
References
History

Fri, 10 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jan 2025 20:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.
Title Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064
Weaknesses CWE-79
References

cve-icon MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2025-01-09T20:21:56.291Z

Updated: 2025-01-10T16:16:43.369Z

Reserved: 2025-01-09T18:28:34.212Z

Link: CVE-2024-13298

cve-icon Vulnrichment

Updated: 2025-01-10T16:16:34.012Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-01-09T21:15:27.350

Modified: 2025-01-10T17:15:16.477

Link: CVE-2024-13298

cve-icon Redhat

No data.