Description The Custom Fields component not correctly filter inputs, leading to a XSS vector. Remediation References CVE-2024-26278 Related Vulnerabilities Moodle CVE-2023-5543 Vulnerability (CVE-2023-5543) Magento CVE-2021-36021 Vulnerability (CVE-2021-36021) Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21015) WordPress Plugin Mingle Forum 'edit_post_id' Parameter SQL Injection (1.0.31) Drupal Core 5.x Local File Inclusion (5.0 - 5.15) Severity Medium Classification CVE-2024-26278 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities