Boletines de Vulnerabilidades

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2020-September-16Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingCVE IDs: CVE-2020-13668Description: Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances.An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.Solution: Install the latest version:If you are using Drupal 8.8.x, upgrade

More info:

https://www.drupal.org/sa-core-2020-009

Identificadores estándar
Propiedad Valor
CVE CVE-2020-13668.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2020-09-18

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT