CVE-2024-55635

Source
https://cve.org/CVERecord?id=CVE-2024-55635
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55635.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-55635
Aliases
Downstream
Published
2024-12-09T23:23:38.742Z
Modified
2026-07-08T06:29:09.366384055Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/55xxx/CVE-2024-55635.json",
    "cna_assigner": "drupal",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / git.drupalcode.org/project/drupal

Affected ranges

Type
GIT
Repo
https://git.drupalcode.org/project/drupal
Events
Introduced
497914920385b7016ac9c9367e0198530787adf2
Fixed
fa67320cf2109f1102201da5f66fd189c56f8b25
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "7.0"
        },
        {
            "fixed": "7.102"
        }
    ]
}
Type
GIT
Repo
https://github.com/drupal/drupal
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0"
        },
        {
            "fixed": "7.102"
        }
    ]
}

Affected versions

7.*
7.0
7.10
7.100
7.101
7.12
7.14
7.15
7.17
7.22
7.23
7.25
7.28
7.30
7.33
7.36
7.37
7.4
7.40
7.42
7.43
7.50
7.51
7.54
7.55
7.56
7.6
7.61
7.64
7.68
7.7
7.71
7.76
7.77
7.79
7.8
7.81
7.83
7.84
7.85
7.87
7.89
7.9
7.90
7.92
7.93
7.94
7.97
7.98
7.99

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55635.json"