CVE-2020-11023, GHSA-jpcq-cgw6-v4j6
packagist/drupal/core
Cross-site Scripting
In jQuery, passing HTML containing <option> elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code.
All versions starting from 7.0 before 7.70, all versions starting from 8.7.0 before 8.7.14, all versions starting from 8.8.0 before 8.8.6
Upgrade to versions 8.0.0, 8.7.14, 8.8.6 or above.
2021-02-19
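A way to check a project against the affected ranges listed above, as an added example that is not part of the advisory or of Drupal's own tooling. It assumes the usual composer.lock layout ("packages" and "packages-dev" arrays of entries with "name" and "version"); the function names and the sample lock file are constructed for illustration.

```python
import json
import re

# Affected ranges for drupal/core as listed in this advisory: [start, fixed).
AFFECTED = [((7, 0, 0), (7, 70, 0)),
            ((8, 7, 0), (8, 7, 14)),
            ((8, 8, 0), (8, 8, 6))]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$")


def version_key(version):
    """Return a sortable key, or None for branch aliases such as dev-main."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    # A pre-release (8.8.6-rc1) sorts before its final release (8.8.6).
    return (int(major), int(minor), int(patch or 0), 0 if suffix else 1)


def is_affected(version):
    """True/False for a parseable version, None when it cannot be judged.

    False only means "not in the ranges this advisory lists".
    """
    key = version_key(version)
    if key is None:
        return None
    # Conservative choice: pre-releases of a range's first version count too.
    return any(lo + (0,) <= key < hi + (1,) for lo, hi in AFFECTED)


def check_lockfile(lock_text, package="drupal/core"):
    """Return (version, affected) for the package in composer.lock text."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name") == package:
                return entry["version"], is_affected(entry["version"])
    return None, None


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "8.8.5"},
    {"name": "symfony/yaml", "version": "v3.4.40"}]})

if __name__ == "__main__":
    print(check_lockfile(SAMPLE_LOCK))
```

A result of None for the affected flag (branch aliases such as dev-main or 8.9.x-dev) means the installed commit has to be checked by hand.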