CVE-2020-13669: Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
(updated )
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml
- github.com/advisories/GHSA-c533-c843-67h8
- github.com/drupal/core
- nvd.nist.gov/vuln/detail/CVE-2020-13669
- www.drupal.org/sa-core-2020-010
Code Behaviors & Features
Detect and mitigate CVE-2020-13669 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →