{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:52:47.705","vulnerabilities":[{"cve":{"id":"CVE-2024-13273","sourceIdentifier":"mlhess@drupal.org","published":"2025-01-09T20:15:36.137","lastModified":"2025-08-28T13:03:20.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Drupal Open Social permite Cross-Site Scripting (XSS). Este problema afecta a Open Social: desde la versión 0.0.0 hasta la 12.3.8, desde la versión 12.4.0 hasta la 12.4.5, desde la versión 13.0.0 hasta la 13.0.0-alpha11."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"mlhess@drupal.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:*:*:*:*:*:drupal:*:*","versionEndExcluding":"12.3.8","matchCriteriaId":"8D08CE2A-5BC9-4556-8127-6D55D17B3E48"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:*:*:*:*:*:drupal:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.5","matchCriteriaId":"F707194F-96F5-4A8F-9E83-792ED3CC8267"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha1:*:*:*:drupal:*:*","matchCriteriaId":"83C94567-8F3B-4E0F-A6B9-B91B7867830A"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha10:*:*:*:drupal:*:*","matchCriteriaId":"91C5BD21-7D0F-472F-9C9B-92F8A5843B90"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha2:*:*:*:drupal:*:*","matchCriteriaId":"99C5EDBB-2605-4267-A4E9-5EF6D840E220"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha3:*:*:*:drupal:*:*","matchCriteriaId":"90988BED-3337-4FA4-B7BE-9BC3CEEA7B15"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha4:*:*:*:drupal:*:*","matchCriteriaId":"B3D9E2E6-DA96-4B21-9185-FD811F3EF851"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha5:*:*:*:drupal:*:*","matchCriteriaId":"555AD849-3751-4A70-972E-D712638BE25F"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha6:*:*:*:drupal:*:*","matchCriteriaId":"A70A48EA-2582-4923-AD38-00ACD697AEAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha7:*:*:*:drupal:*:*","matchCriteriaId":"35C48202-C7CC-4B2D-9C0C-927BE0CE701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha8:*:*:*:drupal:*:*","matchCriteriaId":"4EDCE73A-CF87-4BA6-91BD-1BC2294C0CAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:getopensocial:open_social:13.0.0:alpha9:*:*:*:drupal:*:*","matchCriteriaId":"0E4DF269-107D-4126-AC03-4A4F74794914"}]}]}],"references":[{"url":"https://www.drupal.org/sa-contrib-2024-037","source":"mlhess@drupal.org","tags":["Third Party Advisory"]}]}}]}