PT-2026-7808 · Drupal+1 · Ui Icons+1

Drew Webber

Publicado

2026-02-11

Atualizado

2026-03-25

CVE-2026-2349

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Drupal UI Icons versions prior to 1.0.1 Drupal UI Icons version 1.1.0 before 1.1.1

Description A flaw exists in Drupal UI Icons that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of user input during web page generation. The vulnerability is present when the "UI Icons for CKEditor 5" submodule is enabled.

Recommendations Update Drupal UI Icons to version 1.0.1 or later. Update Drupal UI Icons to version 1.1.1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-2349

DRUPAL-CONTRIB-2026-010

Produtos afetados

Ui Icons

Drupal/Ui Icons

PT-2026-7808 · Drupal+1 · Ui Icons+1

CVE-2026-2349

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3