CVE-2026-15084
UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075
CVSS Score
5.4
EPSS Score
0.3%
EPSS Percentile
17th
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17.
| CWE | CWE-79 |
| Vendor | drupal |
| Product | ui patterns (sdc in drupal ui) |
| Ecosystems | |
| Industries | WebMedia |
| Published | Jul 10, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal ui patterns (sdc in drupal ui)
Be the first to know when new medium vulnerabilities affecting drupal ui patterns (sdc in drupal ui) are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Drupal / UI Patterns (SDC in Drupal UI)
2.0.0 < 2.0.17
Credits
Hervé Donner (herved) Florent Torregrosa (grimreaper) Hervé Donner (herved) Mikael Meulle (just_like_good_vibes) Pierre Dureau (pdureau) Neil Drumm (drumm) Greg Knaddison (greggles) Juraj Nemec (poker10) Dave Long (longwave)