CVE-2024-13273

EPSS 0.23%
Published: 9/4/2024
Modified: 3/18/2026
Also known as: DRUPAL-CONTRIB-2024-037

Description

Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content (such as photos or videos) when a user posts a link to that resource, without having to parse the resource directly. Added URLs were not sufficiently validated, which could lead to a DoS via Blind SSRF and/or Application Takeover via Stored XSS. This vulnerability is mitigated by the fact that the social_embed submodule needs to be enabled.

Affected packages (1)

References (1)