CVE-2024-13292

Name of the Vulnerable Software and Affected Versions Drupal Tooltip versions 0.0.0 through 1.1.2

Description The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS) attacks. This can be exploited by a remote attacker to conduct inter-site script attacks. The vulnerability is associated with the failure to protect the structure of web pages.

Recommendations For versions 0.0.0 through 1.1.2, consider disabling the vulnerable Tooltip module until a patch is available. Restrict access to the module to minimize the risk of exploitation. Avoid using the module in sensitive areas of the website until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.