Drupal · Drupal Facets · CVE-2024-13283
**Name of the Vulnerable Software and Affected Versions**
Drupal Facets versions 0.0.0 through 2.0.9
**Description**
The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS). This can be exploited by a remote attacker to hijack a user's session. The problem is associated with the two-factor authentication module and incorrect session management.
**Recommendations**
For versions 0.0.0 through 2.0.9, update to a version later than 2.0.9 to resolve the issue.
As a temporary workaround, consider restricting access to the Facets module to minimize the risk of exploitation.
Avoid using the Facets module until the issue is resolved.