PT-2026-7807 · Drupal+1 · Quickedit+1

Derek Wright

Publicado

2026-02-11

Atualizado

2026-03-25

CVE-2026-2348

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Drupal Quick Edit versions 0.0.0 through 1.0.4 Drupal Quick Edit versions 2.0.0 through 2.0.0

Description A flaw exists in Drupal Quick Edit that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of certain image-related values during the editing process. An attacker must have permission to create or edit an affected field to exploit this. The vulnerability is related to improper neutralization of input during web page generation.

Recommendations Update Drupal Quick Edit to version 1.0.5 or later. Update Drupal Quick Edit to version 2.0.1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-2348

DRUPAL-CONTRIB-2026-009

Produtos afetados

Quickedit

Drupal Quick Edit

PT-2026-7807 · Drupal+1 · Quickedit+1

CVE-2026-2348

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3