Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1.CreditsDrew Webber (mcdruid)Derek Wright (dww)Vladimir Roudakov (vladimiraus)Greg Knaddison (greggles)Drew Webber (mcdruid)Referenceshttps://www.drupal.org/sa-contrib-2026-009
