Intel

AIKIDO-2026-791696

drupal/ui_patterns is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)CVE-2026-15084 Published 3 days ago

58

Medium Risk

This Affects:

PHPdrupal/ui_patterns
2.0.0 - 2.0.16
Fixed in 2.0.17
Are you affected? Scan for Free

TL;DR

This module enables you to use Single Directory Components in site building (views, field formatters, blocks, layouts) and it improves the Developer Experience (DX) with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/ui_patterns is vulnerable to Cross-Site Scripting (XSS) in versions 2.0.0 - 2.0.16.

How to fix this

Upgrade the drupal/ui_patterns module to the patch version.