Boletines de Vulnerabilidades

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2021-April-21Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingCVE IDs: CVE-2020-13672Description: Drupal cores sanitization API fails to properly filter cross-site scripting under certain circumstances.Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this

More info:

https://www.drupal.org/sa-core-2021-002

Identificadores estándar
Propiedad Valor
CVE CVE-2020-13672.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2021-04-28

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT