PT-2026-56664 · Drupal · Ui Patterns

Dave Long

+7

·

Published

2026-07-08

·

Updated

2026-07-10

·

CVE-2026-15084

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17
Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting (XSS). Cross-site Scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. Exploitation requires the attacker to have permissions to create or update content rendered by UI Patterns.
Recommendations Update Drupal UI Patterns (SDC in Drupal UI) to a version later than 2.0.17.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15084
DRUPAL-CONTRIB-2026-075

Affected Products

Ui Patterns