Back to search
CVE-2020-13672
Published: Feb 11, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Core | affected 9.1.x - < 9.1.7affected 9.0.x - < 9.0.12affected 8.9.x - < 8.9.14affected 7.x - < 7.80 |
Weaknesses (CWE)
References
https://www.drupal.org/sa-core-2021-002
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now