Drupal patches Critical XSS vulnerability in Drupal Core

Drupal patches Critical XSS vulnerability in Drupal Core

Drupal has patched a Critical cross-site scripting (XSS) vulnerability in Drupal Core.

A remote attacker could exploit this vulnerability to compromise an affected system.

The Drupal update SA-CORE-2021-002 patches a Critical vulnerability where Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue affects Drupal 7, 8.9, 9.0 and 9.1.

Moreover, patches are not available for end-of-life versions of Drupal 8 prior to 8.9x.

There was no CVE assigned to this vulnerability at the time of advisory publication.

Related Articles