2 matches found
Drupal 10.3.x < 10.3.14 / 10.4.x < 10.4.5 / 11.x < 11.0.13 / 11.1.x < 11.1.5 Drupal Vulnerability (SA-CORE-2025-004)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.3.x prior to 10.3.14, 10.4.x prior to 10.4.5, 11.x prior to 11.0.13, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. - Improper Neutralization of Input During Web Page...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability XSS. This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit acce...