Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

2020-09-16T00:00:00
ID DRUPAL-SA-CORE-2020-009
Type drupal
Reporter Drupal Security Team
Modified 2020-09-16T00:00:00

Description

Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.