PT-2026-7808 · Drupal+1 · Ui Icons+1
Drew Webber
+2
·
Published
2026-02-11
·
Updated
2026-03-25
·
CVE-2026-2349
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal UI Icons versions prior to 1.0.1
Drupal UI Icons version 1.1.0 before 1.1.1
Description
A flaw exists in Drupal UI Icons that allows for Cross-Site Scripting (XSS). The issue stems from insufficient sanitization of user input during web page generation. The vulnerability is present when the "UI Icons for CKEditor 5" submodule is enabled.
Recommendations
Update Drupal UI Icons to version 1.0.1 or later.
Update Drupal UI Icons to version 1.1.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ui Icons
Drupal/Ui Icons