2 matches found
CVE-2024-13237
CVE-2024-13237 affects Drupal File Entity (fieldable files). The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) for File Entity versions 7.X-* up to but not including 7.X-2.38. The issue is discussed in SA-CONTRIB-2024-00...
CVE-2024-13276
CVE-2024-13276 affects Drupal File Entity (fieldable files) versions 7.X-* before 7.X-2.39. The vulnerability allows insertion of sensitive information into sent data, enabling forceful browsing and potential disclosure of protected data. Root cause details point to how files are stored and expos...