Boletines de Vulnerabilidades

Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002


Información sobre el sistema

   
Software afectado Drupal

Descripción

Project: Drupal coreDate: 2022-January-19Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross site scriptingDescription: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life.Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-2022-001, further security vulnerabilities

More info:

https://www.drupal.org/sa-core-2022-002

Identificadores estándar

Propiedad Valor
CVE CVE-2021-41182 ,CVE-2021-41183 ,CVE-2016-7103 and CVE-2010-5312.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2022-01-22

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT