PT-2025-1041 · Drupal · File Entity

Caroline Boyden +4 · Published 2025-01-09 · Updated 2025-06-04 · CVE-2024-13237

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

File Entity versions 7.X-* through 7.X-2.38

Description

The issue is improper neutralization of input during web page generation, which allows a remote attacker to bypass security restrictions and conduct Cross-Site Scripting (XSS) attacks.

Recommendations

For versions 7.X-* through 7.X-2.38, update to a version newer than 7.X-2.38 to resolve the issue. As a temporary workaround, consider restricting access to the File Entity module to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-00257
CVE-2024-13237

Affected Products

File Entity