CVE-2026-58588

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1.

Credits

Christian López Espínola (penyaskito)
AKHIL BABU (akhil babu)
Christian López Espínola (penyaskito)
Juraj Nemec (poker10)

References