secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

May 7, 2024

Posted by Simon Bieber via Fulldisclosure on May 06secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CVSS-B: 6.4 (…Full DisclosureRead More