Drupal · Drupal Coffee · CVE-2024-13247
**Name of the Vulnerable Software and Affected Versions**
Drupal Coffee versions 0.0.0 through 1.4.0
**Description**
The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS). This can be exploited by a remote attacker to conduct a cross-site scripting attack.
**Recommendations**
For versions 0.0.0 through 1.4.0, update to a version 1.4.0 or later to resolve the issue.
As a temporary workaround, consider restricting user input to minimize the risk of exploitation.