CVE-2021-33829 log

Severity High
Remote Yes
Type Cross-site scripting
Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to a cross-site scripting (XSS) attack. CKEditor 4.16.1 and later, as bundled with Drupal 9.1.9, include the fix.
Group Package Affected Fixed Severity Status Ticket
AVG-2069 drupal 9.1.7-1 9.1.10-1 High Fixed
Date Advisory Group Package Severity Type
15 Jun 2021 ASA-202106-35 AVG-2069 drupal High cross-site scripting