Drupal · File Entity · CVE-2024-13237
**Name of the Vulnerable Software and Affected Versions**
File Entity versions 7.X-* through 7.X-2.38
**Description**
The issue is improper neutralization of input during web page generation, a Cross-Site Scripting (XSS) vulnerability. A remote attacker can exploit it to bypass security restrictions and conduct Cross-Site Scripting attacks.
**Recommendations**
For versions 7.X-* through 7.X-2.38, update to a version newer than 7.X-2.38 to resolve the issue.
As a temporary workaround, consider restricting access to the File Entity module to minimize the risk of exploitation.