Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17.CreditsHervé Donner (herved)Florent Torregrosa (grimreaper)Hervé Donner (herved)Mikael Meulle (just_like_good_vibes)Pierre Dureau (pdureau)Neil Drumm (drumm)Greg Knaddison (greggles)Juraj Nemec (poker10)Dave Long (longwave)Referenceshttps://www.drupal.org/sa-contrib-2026-075