{"id":"CVE-2024-55635","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.","aliases":["BIT-drupal-2024-55635"],"modified":"2026-04-10T05:18:37.007334Z","published":"2024-12-10T00:15:22.433Z","references":[{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2024-005"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"497914920385b7016ac9c9367e0198530787adf2"},{"fixed":"fa67320cf2109f1102201da5f66fd189c56f8b25"}],"database_specific":{"versions":[{"introduced":"7.0"},{"fixed":"7.102"}]}}],"versions":["7.0","7.10","7.100","7.101","7.12","7.14","7.15","7.17","7.22","7.23","7.25","7.28","7.30","7.33","7.36","7.37","7.4","7.40","7.42","7.43","7.50","7.51","7.54","7.55","7.56","7.6","7.61","7.64","7.68","7.7","7.71","7.76","7.77","7.79","7.8","7.81","7.83","7.84","7.85","7.87","7.89","7.9","7.90","7.92","7.93","7.94","7.97","7.98","7.99"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55635.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}