CVE-2020-13673 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to cross-site scripting. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2407 | drupal | 9.2.0-1 | 9.2.6-1 | High | Fixed |
| References |
|---|
https://www.drupal.org/sa-core-2021-006 |