Vulnerability Bulletins

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002


System information

   
Affected software Drupal

Description

Project: Drupal coreDate: 2021-April-21Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingCVE IDs: CVE-2020-13672Description: Drupal cores sanitization API fails to properly filter cross-site scripting under certain circumstances.Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this

More info:

https://www.drupal.org/sa-core-2021-002

Standar resources

Property Value
CVE CVE-2020-13672.

Version history

Version Comments Date
1.0 Advisory issued 2021-04-28
Ministerio de Defensa
CNI
CCN
CCN-CERT