Vulnerability Bulletins

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001


System information

   
Affected software Drupal

Description

Project: Drupal coreDate: 2022-January-19Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross Site ScriptingDescription: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may

More info:

https://www.drupal.org/sa-core-2022-001

Standar resources

Property Value
CVE CVE-2021-41184.

Version history

Version Comments Date
1.0 Advisory issued 2022-01-21
Ministerio de Defensa
CNI
CCN
CCN-CERT