Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003
|
Información sobre el sistema
|
|
|
Software afectado |
Drupal |
Descripción
|
Project: Drupal coreDate: 2021-May-26Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross Site ScriptingCVE IDs: CVE-2021-33829Description: Update: 2021-06-11: Added CVE-2021-33829 identifierDrupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. CKEditor 4.16.1 and later include the fix.Update: 2021-06-11: More details are available on CKEditors blog.Users
More info:
https://www.drupal.org/sa-core-2021-003 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2021-33829. |