Reflected cross-site scripting (XSS) In drupal/core
Description
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 packagist | 8.8.10, 8.9.6, 9.0.6 | ||
packagist | 8.8.10, 8.9.6, 9.0.6 |
Aliases
1. 2. 3. 4.
References
1. 2. 3.