Jean Valverde

**Name of the Vulnerable Software and Affected Versions** Drupal UI Icons versions prior to 1.0.1 Drupal UI Icons version 1.1.0 before 1.1.1 **Description** A flaw exists in Drupal UI Icons that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of user input during web page generation. The vulnerability is present when the "UI Icons for CKEditor 5" submodule is enabled. **Recommendations** Update Drupal UI Icons to version 1.0.1 or later. Update Drupal UI Icons to version 1.1.1 or later.