DRUPAL-CONTRIB-2024-047

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/facets/DRUPAL-CONTRIB-2024-047.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-047
Aliases
  • CVE-2024-13283
Published
2024-10-09T15:54:27Z
Modified
2025-12-10T23:41:31.054532Z
Summary
[none]
Details

This module enables you to easily create and manage faceted search interfaces.

The module doesn't sufficiently filter malicious script, leading to a reflected cross-site scripting (XSS) vulnerability.

The vulnerability exists in the Facets Summary submodule. If you do not use that submodule, your site is not vulnerable to this issue.

Edited October 9, 2024: clarified that Facets Summary is where the vulnerability is located


Affected packages

Packagist:https://packages.drupal.org/8 / drupal/facets

Package

Name
drupal/facets
Purl
pkg:composer/drupal/facets

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.0.9
Database specific
{
    "constraint": "<2.0.9"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/facets/DRUPAL-CONTRIB-2024-047.json"
affected_versions
"<2.0.9"