Vladimir Roudakov

**Name of the Vulnerable Software and Affected Versions** Drupal Quick Edit versions 0.0.0 through 1.0.4 Drupal Quick Edit versions 2.0.0 through 2.0.0 **Description** A flaw exists in Drupal Quick Edit that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of certain image-related values during the editing process. An attacker must have permission to create or edit an affected field to exploit this. The vulnerability is related to improper neutralization of input during web page generation. **Recommendations** Update Drupal Quick Edit to version 1.0.5 or later. Update Drupal Quick Edit to version 2.0.1 or later.