← Back

CVE-2024-13273

nvd nist
Published: Jan 9, 2025Modified: Aug 28, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.

Affected (12)

Getopensocial
1 product
Open Social
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Getopensocial
Open Social
Before 12.3.8
Open Social
From 12.4.0 to 12.4.5
Open Social
Version 13.0.0 alpha10
Open Social
Version 13.0.0 alpha1
Open Social
Version 13.0.0 alpha2
Open Social
Version 13.0.0 alpha3
Open Social
Version 13.0.0 alpha4
Open Social
Version 13.0.0 alpha5
Open Social
Version 13.0.0 alpha6
Open Social
Version 13.0.0 alpha7
Open Social
Version 13.0.0 alpha8
Open Social
Version 13.0.0 alpha9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: mlhess@drupal.org
Third Party Advisory

Timeline

No history available yet.