logo

Database

Server side cross-site scripting In drupal/core

Description

Drupal core allows Cross-Site Scripting (XSS) Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).

This issue affects Drupal core: from 11.3.0 before 11.3.7.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-63672. NVD-2026-63673. OSV-2026-63674. GCVE-2026-6367

References

1. https://www.drupal.org/sa-core-2026-003

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.