CVE-2024-13283
EPSS 0.25%Published: 10/9/2024Modified: 12/10/2025
Description
This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently filter for malicious script leading to a reflected cross site scripting (XSS) vulnerability. The vulnerability exists in the Facets Summary submodule. If you do not use that sub module your site is not vulnerable to this issue. *Edited October 9, 2024: clarified that Facets Summary is where the vulnerability is located*
Affected packages (1)
- Packagist/drupal/facetsfrom 0, < 2.0.9