Skip to main content

Calculation Fields

1 CVEs product

Monthly

CVE-2026-3528 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) in Drupal Calculation Fields module versions prior to 1.0.4 permits remote attackers to inject arbitrary JavaScript into dynamically generated web pages, enabling session hijacking, credential theft, and malware distribution against users viewing affected pages. The vulnerability stems from improper input neutralization during calculation field rendering, affecting all installations running Calculation Fields 0.0.0 through 1.0.3. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Calculation Fields
NVD
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) in Drupal Calculation Fields module versions prior to 1.0.4 permits remote attackers to inject arbitrary JavaScript into dynamically generated web pages, enabling session hijacking, credential theft, and malware distribution against users viewing affected pages. The vulnerability stems from improper input neutralization during calculation field rendering, affecting all installations running Calculation Fields 0.0.0 through 1.0.3. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Calculation Fields
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy