PT-2026-23111 · Drupal+2 · Calculation Fields+1
Drew Webber
+2
·
Published
2026-03-04
·
Updated
2026-03-26
·
CVE-2026-3528
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Calculation Fields versions prior to 1.0.4
Description
The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting (XSS) attacks. This module extends the Drupal form API, adding calculation element form element types that can evaluate mathematical expressions and offers webform integration. The issue arises from insufficient input validation, which could be exploited by an attacker.
Recommendations
Update the Calculation Fields module to version 1.0.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Calculation Fields
Drupal/Calculation Fields