Drupal core allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

EUVD-2026-31002

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

CVE-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

CVE-2026-6367

Drupal core vulnerable component: CKEditor 5 entity suggestions. Versions 11.3.0–11.3.6 expose an XSS due to insufficient sanitization of the suggestions; fixed in 11.3.7. Applies to Drupal core 11.3.x (11.3.0–11.3.6). Remediation: update to 11.3.7 per PT-2026-33242 / SA-CORE-2026-003. Exploitati...

Grafana < 10.4.18 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...

Code injection

An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code...