CVE-2020-9281

Cross-site Scripting in packagist/drupal/drupal

Identifier

CVE-2020-9281

Package Slug

packagist/drupal/drupal

Vulnerability

Cross-site Scripting

Description

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor allows remote attackers to inject arbitrary web script through a crafted protected comment (with the cke_protected syntax).

Affected Versions

All versions starting from 8.7.0 before 8.7.12, all versions starting from 8.8.0 before 8.8.4

Solution

Upgrade to versions 8.7.12, 8.8.4 or above.

Last Modified

2021-10-01

source