PT-2026-56664 · Drupal · Ui Patterns
Dave Long
+7
·
Published
2026-07-08
·
Updated
2026-07-10
·
CVE-2026-15084
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17
Description
An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting (XSS). Cross-site Scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. Exploitation requires the attacker to have permissions to create or update content rendered by UI Patterns.
Recommendations
Update Drupal UI Patterns (SDC in Drupal UI) to a version later than 2.0.17.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ui Patterns