Skip to content

Commit eea5292

Browse files
feat: update advisories (#179)
🤖 beep boop - looks like there's some changes to the advisories! Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
1 parent 0489d6b commit eea5292

2 files changed

Lines changed: 132 additions & 0 deletions

File tree

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DRUPAL-CONTRIB-2026-009",
4+
"modified": "2026-02-11T16:53:32.000Z",
5+
"published": "2026-02-11T16:53:32.000Z",
6+
"aliases": [
7+
"CVE-2026-2348"
8+
],
9+
"details": "This module allows content to be edited in-place.\n\nThe module doesn't sufficiently sanitize certain image-related values during the editing process leading to a persistent Cross-site Scripting (XSS) vulnerability.\n\nThis vulnerability is mitigated by the fact that an attacker must have permission to create or edit an affected field.",
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Packagist:https://packages.drupal.org/8",
14+
"name": "drupal/quickedit"
15+
},
16+
"severity": [],
17+
"ranges": [
18+
{
19+
"type": "ECOSYSTEM",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "1.0.5"
26+
}
27+
],
28+
"database_specific": {
29+
"constraint": "<1.0.5"
30+
}
31+
},
32+
{
33+
"type": "ECOSYSTEM",
34+
"events": [
35+
{
36+
"introduced": "2.0.0"
37+
},
38+
{
39+
"fixed": "2.0.1"
40+
}
41+
],
42+
"database_specific": {
43+
"constraint": ">=2.0.0 <2.0.1"
44+
}
45+
}
46+
],
47+
"database_specific": {
48+
"affected_versions": "<1.0.5 || >=2.0.0 <2.0.1"
49+
}
50+
}
51+
],
52+
"references": [
53+
{
54+
"type": "WEB",
55+
"url": "https://www.drupal.org/sa-contrib-2026-009"
56+
}
57+
],
58+
"credits": [
59+
{
60+
"name": "Drew Webber (mcdruid)",
61+
"contact": [
62+
"https://www.drupal.org/u/mcdruid"
63+
]
64+
}
65+
]
66+
}
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DRUPAL-CONTRIB-2026-010",
4+
"modified": "2026-02-11T16:54:18.000Z",
5+
"published": "2026-02-11T16:54:18.000Z",
6+
"aliases": [
7+
"CVE-2026-2349"
8+
],
9+
"details": "This module enables you to integrate and manage icons with Drupal.\n\nThe module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting (XSS) vulnerability.\n\nThe vulnerability is mitigated by the fact that in order to be vulnerable, the \"UI Icons for CKEditor 5\" submodule must be enabled.",
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Packagist:https://packages.drupal.org/8",
14+
"name": "drupal/ui_icons"
15+
},
16+
"severity": [],
17+
"ranges": [
18+
{
19+
"type": "ECOSYSTEM",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "1.0.1"
26+
}
27+
],
28+
"database_specific": {
29+
"constraint": "<1.0.1"
30+
}
31+
},
32+
{
33+
"type": "ECOSYSTEM",
34+
"events": [
35+
{
36+
"introduced": "1.1.0"
37+
},
38+
{
39+
"fixed": "1.1.1"
40+
}
41+
],
42+
"database_specific": {
43+
"constraint": ">=1.1.0 <1.1.1"
44+
}
45+
}
46+
],
47+
"database_specific": {
48+
"affected_versions": "<1.0.1 || >=1.1.0 <1.1.1"
49+
}
50+
}
51+
],
52+
"references": [
53+
{
54+
"type": "WEB",
55+
"url": "https://www.drupal.org/sa-contrib-2026-010"
56+
}
57+
],
58+
"credits": [
59+
{
60+
"name": "Drew Webber (mcdruid)",
61+
"contact": [
62+
"https://www.drupal.org/u/mcdruid"
63+
]
64+
}
65+
]
66+
}

0 commit comments

Comments
 (0)