Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2024-October-09
Vulnerability:
Cross Site Scripting
Affected versions:
<2.0.9
CVE IDs:
CVE-2024-13283
Description:
This module enables you to to easily create and manage faceted search interfaces.
The module doesn't sufficiently filter for malicious script leading to a reflected cross site scripting (XSS) vulnerability.
The vulnerability exists in the Facets Summary submodule. If you do not use that sub module your site is not vulnerable to this issue.
Edited October 9, 2024: clarified that Facets Summary is where the vulnerability is located
Solution:
Install the latest version:
- If you use the Facets module, upgrade to Facets 2.0.9
Reported By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
