PT-2026-7807 · Drupal+1 · Quickedit+1
Derek Wright
+3
·
Published
2026-02-11
·
Updated
2026-03-25
·
CVE-2026-2348
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Quick Edit versions 0.0.0 through 1.0.4
Drupal Quick Edit versions 2.0.0 through 2.0.0
Description
A flaw exists in Drupal Quick Edit that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of certain image-related values during the editing process. An attacker must have permission to create or edit an affected field to exploit this. The vulnerability is related to improper neutralization of input during web page generation.
Recommendations
Update Drupal Quick Edit to version 1.0.5 or later.
Update Drupal Quick Edit to version 2.0.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Quickedit
Drupal Quick Edit