Ui Patterns Sdc In Drupal Ui
Monthly
Stored XSS in the Drupal UI Patterns (SDC in Drupal UI) contributed module allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages, which execute in the browsers of other users - including administrators - who view the affected content. Versions 2.0.0 through 2.0.17 of the module are affected, with a patch available from the Drupal security team. No public exploit identified at time of analysis, and the EPSS score of 0.25% (17th percentile) signals minimal observed exploitation pressure, though the stored nature of the XSS and potential to target privileged users elevates practical risk for sites using this module.
Stored XSS in the Drupal UI Patterns (SDC in Drupal UI) contributed module allows a low-privileged authenticated attacker to inject persistent malicious scripts into web pages, which execute in the browsers of other users - including administrators - who view the affected content. Versions 2.0.0 through 2.0.17 of the module are affected, with a patch available from the Drupal security team. No public exploit identified at time of analysis, and the EPSS score of 0.25% (17th percentile) signals minimal observed exploitation pressure, though the stored nature of the XSS and potential to target privileged users elevates practical risk for sites using this module.