Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Standard reflected/stored XSS pattern: network-accessible, no attacker auth, victim interaction required, browser-scope impact with no availability loss.
Primary rating from Vendor (drupal).
CVSS VectorVendor: drupal
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1.
AnalysisAI
Cross-site scripting in the Drupal Canvas contributed module allows unauthenticated remote attackers to inject and execute malicious scripts in victims' browsers across multiple version branches (0.0.0-1.4.2, 1.5.0-1.5.2, 1.6.0-1.6.1, 1.7.0-1.7.1). The scope-changed CVSS vector (S:C) confirms the attack escapes the server context and executes within the victim's browser environment, enabling session theft, credential harvesting, or unauthorized actions on behalf of the victim. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Drupal installation has the Drupal Canvas contributed module installed and enabled, running one of the affected version ranges (0.0.0-1.4.2, 1.5.0-1.5.2, 1.6.0-1.6.1, or 1.7.0-1.7.1). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.1 Medium score reflects a network-accessible (AV:N), low-complexity (AC:L), unauthenticated attacker path (PR:N) with required victim interaction (UI:R) and scope change (S:C), yielding low confidentiality and integrity impacts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a Drupal site running an affected version of the Canvas module and crafts a payload embedding malicious JavaScript within a canvas field or parameter that is stored or reflected without sanitization. The attacker then socially engineers a site user - such as an editor or administrator - into loading a page or preview URL containing the injected script, causing the script to execute in the victim's browser and exfiltrate their session cookie or perform authenticated actions on their behalf. … |
| Remediation | The primary remediation is to upgrade Drupal Canvas to a patched release per the vendor advisory at https://www.drupal.org/sa-contrib-2026-065. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Drupal Canvas
View allCross-site scripting in the Drupal Canvas contributed module enables remote attackers to inject and execute malicious sc
A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal Canvas versions prior to 1.1.1, allowing attackers t
Improper authorization controls in Drupal Canvas versions before 1.0.4 enable attackers to bypass access restrictions an
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43069
GHSA-vx3g-w5hr-294x