๐Ÿ” CVE Alert

CVE-2026-3528

MEDIUM 6.1

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
8th

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS).This issue affects Calculation Fields: from 0.0.0 before 1.0.4.

CWE CWE-79
Vendor drupal
Product calculation fields
Ecosystems
Industries
WebMedia
Published Mar 26, 2026
Last Updated Mar 27, 2026
Stay Ahead of the Next One

Get instant alerts for drupal calculation fields

Be the first to know when new medium vulnerabilities affecting drupal calculation fields are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / Calculation Fields
0.0.0 < 1.0.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-023

Credits

Drew Webber (mcdruid) Joao Paulo Constantino (joaopauloc.dev) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)