logo

Database

Reflected cross-site scripting (XSS) In drupal/core

Description

Drupal Core Cross-site scripting vulnerability Cross-site scripting vulnerability in Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-136882. NVD-2020-136883. OSV-2020-136884. GCVE-2020-13688

References

1. https://www.drupal.org/sa-core-2020-009

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.