CVE-2020-13673 log

Severity High
Remote Yes
Type Cross-site scripting
The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to cross-site scripting.
Group Package Affected Fixed Severity Status Ticket
AVG-2407 drupal 9.2.0-1 9.2.6-1 High Fixed