Description The Custom Fields component not correctly filter inputs, leading to a XSS vector. Remediation References CVE-2024-26278 Related Vulnerabilities Drupal Improper Input Validation Vulnerability (CVE-2012-5653) Microsoft SQL Server CVE-2023-36728 Vulnerability (CVE-2023-36728) WordPress 4.4.x Prototype Pollution (4.4 - 4.4.26) WordPress Plugin Qode Twitter Feed (embeded in Bridge-Creative Multi-Purpose WordPress Theme) Open Redirect (2.0.1) Moodle Improper Input Validation Vulnerability (CVE-2019-10134) Severity Medium Classification CVE-2024-26278 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities