CVE-2024-13283
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in Drupal's Facets module that allows attackers to inject malicious scripts into web pages. The vulnerability affects all Drupal sites using Facets module versions before 2.0.9. When exploited, it can lead to session hijacking, credential theft, or unauthorized actions on behalf of users.
💻 Affected Systems
- Drupal Facets module
📦 What is this software?
Facets by Facets Project
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over administrative accounts, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies, perform actions on behalf of authenticated users, or redirect users to phishing pages.
If Mitigated
With proper input validation and output encoding, the impact is limited to potential data leakage from the specific vulnerable component.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity. The advisory suggests the vulnerability can be exploited without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.9
Vendor Advisory: https://www.drupal.org/sa-contrib-2024-047
Restart Required: No
Instructions:
1. Update the Facets module to version 2.0.9 or later via Drupal's update manager.
2. Clear Drupal caches after the update.
3. Verify the update was successful by checking the module version.
🔧 Temporary Workarounds
Disable Facets module
Temporarily disable the vulnerable Facets module until patching is possible. Drupal 8 and later have no "disabled" state for modules (the old drush pm-disable command is not supported there), so the module is uninstalled instead; uninstalling removes the module's configuration, including the facet definitions, so export configuration first (drush config:export).
drush pm:uninstall facets
Implement Content Security Policy
Add CSP headers to mitigate XSS impact by restricting script execution. A policy only blocks injected script if it disallows inline scripts, so test it against the site's theme and modules before deploying.
Add 'Content-Security-Policy' header to web server configuration
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads
- Disable user input fields that feed into the vulnerable Facets component
🔍 How to Verify
Check if Vulnerable:
Check Facets module version in Drupal admin at /admin/modules or run: drush pm-list | grep facets
Check Version:
drush pm-list | grep facets
Verify Fix Applied:
Verify Facets module version is 2.0.9 or higher and test input fields for proper sanitization
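The version check above can be automated. The following Python script is an added example, not part of the advisory or the Facets project: it parses the tabular output of `drush pm:list` (column layout and the `--type=module` option are assumptions), extracts the Facets module and its submodules, and reports whether each installed version is below the fixed release 2.0.9. The sample output it scans is constructed.

```python
"""Check installed Facets module versions against the CVE-2024-13283 fix (2.0.9).

Added example; not from the advisory. Assumes `drush pm:list --type=module`
prints one row per module with the machine name in parentheses and the
version in the last column.
"""
import re
import subprocess

FIXED_VERSION = (2, 0, 9)

# Constructed sample of drush pm:list output (layout assumed, see above).
SAMPLE_OUTPUT = """\
 Package   Name                                        Status    Version
 Facets    Facets (facets)                             Enabled   2.0.8
 Facets    Facets Range Widget (facets_range_widget)   Enabled   2.0.8
 System    Views (views)                               Enabled   10.2.3
"""

# Accepts '2.0.8', legacy '8.x-2.0.8', and pre-release tags such as '2.0.9-rc1'.
VERSION_RE = re.compile(r"(?:\d+\.x-)?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc)\d+)?$")
ROW_RE = re.compile(r"\((facets\w*)\)\s+(.+?)\s+(\S+)\s*$")


def parse_version(text):
    """Return (major, minor, patch, is_final) for a Drupal contrib version string."""
    m = VERSION_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix is None


def is_vulnerable(version):
    """True when the version is below 2.0.9, or is a pre-release of 2.0.9."""
    major, minor, patch, final = parse_version(version)
    core = (major, minor, patch)
    return core < FIXED_VERSION or (core == FIXED_VERSION and not final)


def find_facets_entries(drush_output):
    """Map each facets* machine name to its (status, version) pair."""
    entries = {}
    for line in drush_output.splitlines():
        m = ROW_RE.search(line)
        if m:
            entries[m.group(1)] = (m.group(2).strip(), m.group(3))
    return entries


def assess(drush_output):
    """Return [(module, status, version, vulnerable)] for every Facets row.

    `vulnerable` is None when the version string could not be parsed."""
    report = []
    for name, (status, version) in find_facets_entries(drush_output).items():
        try:
            vuln = is_vulnerable(version)
        except ValueError:
            vuln = None
        report.append((name, status, version, vuln))
    return report


def run_drush():
    """Run drush from the Drupal root; assumes drush is on PATH."""
    proc = subprocess.run(["drush", "pm:list", "--type=module"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    # Replace SAMPLE_OUTPUT with run_drush() on a real site.
    for name, status, version, vuln in assess(SAMPLE_OUTPUT):
        verdict = {True: "VULNERABLE", False: "fixed", None: "unknown version"}[vuln]
        print(f"{name:24} {status:10} {version:12} {verdict}")
```

Only rows whose machine name starts with `facets` are considered, so submodules shipped with Facets are listed alongside the main module; an enabled submodule on an old version still means the vulnerable code is deployed.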
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript payloads in request logs
- Multiple failed XSS attempts in web server logs
- Suspicious characters in Facets-related parameters
Network Indicators:
- HTTP requests containing script tags or JavaScript in Facets parameters
- Unexpected redirects from Facets pages
SIEM Query (pseudo-query; request parameters in access logs are normally percent-encoded, so match against decoded values where the SIEM supports it):
web_server_logs WHERE (url LIKE '%facets%' AND (request_body CONTAINS '<script>' OR request_body CONTAINS 'javascript:'))
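The log indicators above can be checked offline against raw access logs. The following Python script is an added example, not part of the advisory: it parses Apache/nginx combined-format lines (the log format is an assumption), picks out the parameters Facets consumes (the `f[...]` query parameter family is Facets' default, and any request whose path mentions `facets` is included), percent-decodes them, including double-encoded values that a literal `<script>` match would miss, and flags script-injection indicators. The log lines it scans are constructed.

```python
"""Scan access logs for XSS-style payloads in Facets request parameters.

Added example for CVE-2024-13283 detection; not from the advisory.
Assumes combined log format and Facets' default `f[]` URL parameter.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Indicators are applied to fully decoded parameter values.
INDICATORS = [re.compile(p, re.IGNORECASE) for p in (
    r"<\s*script",
    r"javascript\s*:",
    r"on(?:error|load|mouseover|focus)\s*=",
    r"<\s*(?:img|svg|iframe)\b",
)]

# Constructed sample lines: one benign facet filter, one encoded script tag,
# one javascript: URL on a facets path, one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:10:01:02 +0000] "GET /search?f%5B0%5D=category%3Abooks HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2025:10:01:09 +0000] "GET /search?f%5B0%5D=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200
198.51.100.9 - - [10/Mar/2025:10:02:15 +0000] "GET /facets/x?q=javascript%3Aalert(1) HTTP/1.1" 200 300
198.51.100.9 - - [10/Mar/2025:10:03:00 +0000] "GET /about HTTP/1.1" 200 1100
"""


def facets_params(target):
    """Return decoded (name, value) pairs that reach Facets: the `f[...]`
    family, or every parameter when the path itself mentions 'facets'."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if "facets" in parts.path.lower():
        return pairs
    return [(k, v) for k, v in pairs if k == "f" or k.startswith("f[")]


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious line, or None."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    hits = []
    for name, value in facets_params(m["target"]):
        decoded = decode_fully(value)
        for pat in INDICATORS:
            if pat.search(decoded):
                hits.append((name, decoded, pat.pattern))
                break
    if not hits:
        return None
    return {"ip": m["ip"], "time": m["time"], "target": m["target"], "hits": hits}


def scan_log(text):
    """Scan every line of an access log and return the list of findings."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["time"], finding["ip"], finding["target"])
        for name, value, pattern in finding["hits"]:
            print(f"    param {name!r} matched {pattern!r}: {value!r}")
```

Matches are indicators of attempts, not of success; correlate a flagged request with a 200 response and the page's output, and tune the indicator list to the site's legitimate facet values to keep false positives down.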