CVE-2024-13247

4.8 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Drupal Coffee module, which could then execute in users' browsers. It affects all Drupal sites using Coffee module versions before 1.4.0. The vulnerability enables cross-site scripting attacks against users who view affected pages.

💻 Affected Systems

Products:
  • Drupal Coffee module
Versions: 0.0.0 through 1.3.x
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Drupal installations with the Coffee module enabled. The vulnerability exists in the module's input handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deface the website.

🟠 Likely Case

Attackers inject malicious scripts that steal user session tokens or credentials when users visit compromised pages.

🟢 If Mitigated

With proper input validation and output encoding, the risk is limited to potential data leakage from unsanitized inputs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity. The advisory suggests the vulnerability is in input handling during web page generation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.0

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-011

Restart Required: No

Instructions:

1. Update the Coffee module to version 1.4.0 via Drupal's update manager or Composer.
2. Clear Drupal caches.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable Coffee module (applies to: all)

Temporarily disable the vulnerable module until patching is possible:

drush pm-disable coffee

Implement Content Security Policy (applies to: all)

Add CSP headers to mitigate XSS impact.

🧯 If You Can't Patch

  • Implement web application firewall rules to block XSS payloads
  • Enable Drupal's built-in XSS protection features and ensure all user inputs are properly sanitized

🔍 How to Verify

Check if Vulnerable:

Check Coffee module version in Drupal admin at /admin/modules or via 'drush pm-list | grep coffee'

Check Version:

drush pm-list --fields=name,version | grep coffee

Verify Fix Applied:

Confirm Coffee module version is 1.4.0 or higher and test input fields for proper sanitization
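Step 3 of the fix instructions and the verification above both come down to reading the installed Coffee version and comparing it against 1.4.0. The shell snippet below is an added example (not from the advisory or the Coffee project) that does that comparison on `drush pm-list --fields=name,version` output; the sample output, the `FIXED_VERSION`, `version_ge` and `coffee_status` names, and the Drush 9+ command name in the comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example: decide from drush pm-list output whether the Coffee module is at
# or above the fixed release for CVE-2024-13247.

FIXED_VERSION="1.4.0"

# Constructed sample of `drush pm-list --fields=name,version | grep -i coffee`
# (Drush 8 format; Drush 9+ uses `drush pm:list --fields=name,version`).
# Contrib versions appear as "8.x-1.3" or as semantic "1.3.0".
SAMPLE_PM_LIST='Coffee (coffee)    8.x-1.3
Token (token)      8.x-1.9'

# Return 0 if dotted numeric version $1 is >= version $2, else 1.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0;
            q = (i <= m) ? y[i] + 0 : 0;
            if (p > q) exit 0;
            if (p < q) exit 1;
        }
        exit 0;
    }'
}

# Print FIXED, VULNERABLE, UNKNOWN (dev/alpha/beta build) or NOT_INSTALLED for the
# Coffee line in pm-list output $1; exit status 0/1/2/3 respectively.
coffee_status() {
    line=$(printf '%s\n' "$1" | grep -i 'coffee' | head -n 1)
    [ -n "$line" ] || { echo NOT_INSTALLED; return 3; }
    raw=$(printf '%s' "$line" | awk '{print $NF}')
    # Drop a core prefix such as "8.x-" so "8.x-1.3" becomes "1.3".
    v=$(printf '%s' "$raw" | sed 's/^[0-9][0-9]*\.x-//')
    case "$v" in
        *[!0-9.]*) echo UNKNOWN; return 2 ;;   # e.g. 1.x-dev: cannot compare reliably
    esac
    if version_ge "$v" "$FIXED_VERSION"; then
        echo FIXED; return 0
    fi
    echo VULNERABLE; return 1
}

# Stand-alone usage on the constructed sample. Against a live site, pass the real
# output instead:  coffee_status "$(drush pm-list --fields=name,version)"
status=$(coffee_status "$SAMPLE_PM_LIST")
printf 'Coffee module: %s (fixed in %s)\n' "$status" "$FIXED_VERSION"
```

The version comparison is numeric per component, so `1.10.0` correctly ranks above `1.4.0`; a string comparison would get that wrong. Dev and pre-release builds are reported as UNKNOWN on purpose, because a `1.x-dev` checkout may or may not contain the fix and should be confirmed against the commit that closed the advisory.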

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests with script tags or JavaScript payloads to Coffee module endpoints
  • Multiple failed input validation attempts

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript code in parameters
  • Unexpected redirects from Coffee module pages

SIEM Query:

source="drupal_access" AND (uri_path="*coffee*" AND (request_body="*<script>*" OR request_body="*javascript:*"))
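The SIEM query above assumes the log source exposes `uri_path` and `request_body` fields. When only web-server access logs are available, the request body is not recorded, so the same logic can only be applied to the query string. The shell snippet below is an added example, not part of this advisory, that runs that scoped check over a few constructed Apache combined-format lines; the log lines, the `/admin/coffee/example` path (a placeholder, not the module's real route) and the `url_decode`, `detect_xss_attempts` and `count_xss_attempts` names are all this example's own.

```shell
#!/bin/sh
# Added example: flag access-log requests to a coffee path that carry a <script
# tag or javascript: scheme in the query string, mirroring the SIEM query.

# Constructed sample log lines (Apache combined format). Only the second and third
# are hits: the first is benign and the fourth carries a payload but targets a
# non-coffee path, which the query's uri_path scope excludes.
SAMPLE_LOG='192.0.2.10 - - [10/Jun/2024:12:00:01 +0000] "GET /admin/coffee/example?q=latte HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Jun/2024:12:00:02 +0000] "GET /admin/coffee/example?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.12 - - [10/Jun/2024:12:00:03 +0000] "GET /admin/coffee/example?q=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.13 - - [10/Jun/2024:12:00:04 +0000] "GET /node/1?q=%3Cscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Partial URL decoding: just the characters the indicators depend on. Attackers
# also double-encode or use HTML entities, so production rules should decode fully.
url_decode() {
    printf '%s' "$1" | sed -e 's/%3[Cc]/</g' -e 's/%3[Ee]/>/g' \
                           -e 's/%3[Aa]/:/g' -e 's/%2[Ff]/\//g' -e 's/+/ /g'
}

# Print every line of log text $1 whose request path contains "coffee" and, after
# decoding and lowercasing, contains "<script" or "javascript:".
detect_xss_attempts() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        req=$(printf '%s' "$line" | awk -F'"' '{print $2}')   # GET /path?q=... HTTP/1.1
        path=$(printf '%s' "$req" | awk '{print $2}')
        decoded=$(url_decode "$path")
        case "$decoded" in
            *coffee*) ;;
            *) continue ;;
        esac
        lowered=$(printf '%s' "$decoded" | tr 'A-Z' 'a-z')
        case "$lowered" in
            *'<script'*|*'javascript:'*) printf '%s\n' "$line" ;;
        esac
    done
}

# Number of matching lines, with no surrounding whitespace.
count_xss_attempts() {
    detect_xss_attempts "$1" | wc -l | tr -d ' '
}

# Stand-alone usage on the constructed sample; against a real log use
#   detect_xss_attempts "$(cat /var/log/apache2/access.log)"
printf 'Suspicious coffee requests: %s\n' "$(count_xss_attempts "$SAMPLE_LOG")"
detect_xss_attempts "$SAMPLE_LOG"
```

The third sample line shows why the match is done case-insensitively and after decoding: `JaVaScRiPt%3A` would slip past a literal `javascript:` filter. For the POST-body indicator in the advisory, the equivalent check has to run where bodies are visible, such as WAF logs or Drupal's own watchdog entries, not in the access log.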
