CVE-2021-33829 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to a cross-site scripting (XSS) attack. CKEditor 4.16.1 and later, as bundled with Drupal 9.1.9, include the fix. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2069 | drupal | 9.1.7-1 | 9.1.10-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 15 Jun 2021 | ASA-202106-35 | AVG-2069 | drupal | High | cross-site scripting |
| References |
|---|
https://www.drupal.org/sa-core-2021-003 https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser |