Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
|
System information
|
| |
|
|
Affected software |
Drupal |
Description
|
Project: Drupal coreDate: 2020-September-16Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingCVE IDs: CVE-2020-13668Description: Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances.An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.Solution: Install the latest version:If you are using Drupal 8.8.x, upgrade
More info:
https://www.drupal.org/sa-core-2020-009 |
Standar resources
|
|
Property |
Value |
|
CVE |
CVE-2020-13668. |
