CVE-2020-13672: Drupal core Cross-site Scripting (XSS) vulnerability
(updated )
Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml
- github.com/advisories/GHSA-3m36-mjwj-352c
- github.com/drupal/core
- nvd.nist.gov/vuln/detail/CVE-2020-13672
- www.drupal.org/sa-core-2021-002
Code Behaviors & Features
Detect and mitigate CVE-2020-13672 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →