Drupal Core Cross-Site Scripting (XSS)

🗓️ 10 Dec 2024 00:31:26Reported by GitHub Advisory DatabaseType

Drupal has an XSS issue in status messages affecting specific versions before updates.

Reporter	Title	Published	Views	Family All 26
BDU FSTEC	The vulnerability of the Drupal CMS system, related to insufficient protection of website structures, allows attackers to carry out XSS attacks.	12 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-12393	9 Dec 202423:28	–	circl
CNNVD	Drupal 安全漏洞	10 Dec 202400:00	–	cnnvd
CVE	CVE-2024-12393	9 Dec 202423:20	–	cve
Cvelist	CVE-2024-12393 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003	9 Dec 202423:20	–	cvelist
Drupal	Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003	20 Nov 202400:00	–	drupal
Tenable Nessus	Drupal 7.x < 7.102 / 10.2.x < 10.2.11 / 10.3.x < 10.3.9 / 11.x < 11.0.8 Multiple Vulnerabilities (drupal-2024-11-20)	20 Nov 202400:00	–	nessus
Tenable Nessus	Drupal 11.0.x < 11.0.8 Multiple Vulnerabilities	26 Nov 202400:00	–	nessus
Tenable Nessus	Drupal 10.3.x < 10.3.9 Multiple Vulnerabilities	26 Nov 202400:00	–	nessus
Tenable Nessus	Drupal 10.2.x < 10.2.11 Multiple Vulnerabilities	26 Nov 202400:00	–	nessus

Vulners

Node

drupal drupalRange11.0.0–11.0.8composer

drupal drupalRange10.3.0–10.3.9composer

drupal drupalRange8.8.0–10.2.11composer

drupal core-recommendedRange11.0.0–11.0.8composer

drupal core-recommendedRange10.3.0–10.3.9composer

drupal core-recommendedRange8.8.0–10.2.11composer

drupal coreRange11.0.0–11.0.8composer

drupal coreRange10.3.0–10.3.9composer

drupal coreRange8.8.0–10.2.11composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-12393
drupal	www.drupal.org/sa-core-2024-003
github	www.github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8
github	www.github.com/advisories/GHSA-8mvq-8h2v-j9vf

04 Jun 2025 00:38Current

7High risk

Vulners AI Score7

CVSS 3.15.4

EPSS0.02544

SSVC