PT-2024-10087 · Drupal · Drupal Entity Form Steps

Ide Braakman · Published 2024-12-04 · Updated 2025-01-10 · CVE-2024-13305

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Drupal Entity Form Steps versions 0.0.0 through 1.1.3

Description

The issue is improper neutralization of input during web page generation, which allows a remote attacker to conduct Cross-Site Scripting (XSS) attacks.

Recommendations

For versions 0.0.0 through 1.1.3, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Entity Form Steps module to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-00261
CVE-2024-13305
DRUPAL-CONTRIB-2024-071

Affected Products

Drupal Entity Form Steps