Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-13672
Reference:
CVE-2020-13672
Title:
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site Scripting (XSS) vulnerability in Drupal core39s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7 9.0.x versions prior to 9.0.12 8.9.x versions prior to 8.9.14 7.x versions prior to 7.80.