{"id":"CVE-2024-12393","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.","aliases":["BIT-drupal-2024-12393","DRUPAL-CORE-2024-003","GHSA-8mvq-8h2v-j9vf"],"modified":"2026-04-10T05:08:26.326253Z","published":"2024-12-10T00:15:22.197Z","references":[{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2024-003"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"f2b59e3ae8097ea01d15c708f1267b73794399c0"},{"fixed":"2570b33d6e36d5835119b683af0d6a866593276b"},{"introduced":"150df8b6d02131a72a34ec1cb5444c191ae5e407"},{"fixed":"f2093af42504324a1f55ca1783eab5b8a93afaa0"},{"introduced":"140f94ff1051644c4416c7ed30cc5dd1f14507b2"},{"fixed":"3712d59414f556474f990a503c3f7c295f8c719f"}],"database_specific":{"versions":[{"introduced":"8.8.0"},{"fixed":"10.2.11"},{"introduced":"10.3.0"},{"fixed":"10.3.9"},{"introduced":"11.0.0"},{"fixed":"11.0.8"}]}}],"versions":["11.0.0","11.0.1","11.0.2","11.0.3","11.0.4","11.0.5","11.0.6","11.0.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12393.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}