CVE-2024-13273

描述

Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content (such as photos or videos) when a user posts a link to that resource, without having to parse the resource directly. Added URL's were not sufficiently validated which could lead to a DoS via Blind SSRF and/or Application Takeover via Stored XSS. This vulnerability is mitigated by the fact that social\_embed submodule needs to be enabled.

受影響套件(1)

• Packagist/drupal/socialfrom 0, < 12.3.8 | >= 12.4.0, < 12.4.5

參考連結(1)

• WEBhttps://www.drupal.org/sa-contrib-2024-037