Home

Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17.

PUBLISHED Reserved 2026-07-08 | Published 2026-07-10 | Updated 2026-07-13 | Assigner drupal

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

Product status

2.0.0 (semver) before 2.0.17
affected

Credits

Hervé Donner (herved) finder

Florent Torregrosa (grimreaper) remediation developer

Hervé Donner (herved) remediation developer

Mikael Meulle (just_like_good_vibes) remediation developer

Pierre Dureau (pdureau) remediation developer

Neil Drumm (drumm) coordinator

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Dave Long (longwave) coordinator

References

www.drupal.org/sa-contrib-2026-075

cve.org (CVE-2026-15084)

nvd.nist.gov (CVE-2026-15084)

Download JSON