CVE-2024-13298

Published Jan 9, 2025

Last updated 2 months ago

CVSS medium 4.8

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.
Source: mlhess@drupal.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

mlhess@drupal.org: CWE-79

Hype score: Not currently trending

CVE-2024-13298 Cross-Site Scripting Vulnerability in Drupal Tarte au Citron 2.0.4 A Cross-Site Scripting (XSS) vulnerability is present in Drupal Tarte au Citron. This issue is due to improper neutralization of i... https://t.co/t3cI0dxwdx
@VulmonFeeds
10 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References