EUVD-2026-16381CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4Tags
Description
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS).This issue affects Calculation Fields: from 0.0.0 before 1.0.4.
Analysis
Cross-site scripting (XSS) in Drupal Calculation Fields module versions prior to 1.0.4 permits remote attackers to inject arbitrary JavaScript into dynamically generated web pages, enabling session hijacking, credential theft, and malware distribution against users viewing affected pages. The vulnerability stems from improper input neutralization during calculation field rendering, affecting all installations running Calculation Fields 0.0.0 through 1.0.3. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today