CVE-2020-13672 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7, 9.0.12, 8.9.14 and 7.80. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1463 | drupal | 9.0.6-2 | 9.1.7-1 | Critical | Fixed |
| References |
|---|
https://www.drupal.org/sa-core-2021-002 https://github.com/drupal/drupal/commit/0d8712d87216b3dfccc511cff3cf2f753620a5ee |