6 matches found
Security Bulletin: IBM API Connect is impacted by a cross site scripting vulnerability in Drupal core SA-CORE-2021-002
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 200544 DESCRIPTION: Drupal core is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sanitization API. A remote authenticated attacker could...
Debian: Security Advisory (DLA-2637-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2021-002) - Linux
Drupal is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2021-002) - Windows
Drupal is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Drupal 7.x < 7.80 / 8.9.x < 8.9.14 / 9.x < 9.0.12 / 9.1.x < 9.1.7 XSS (SA-CORE-2021-002)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.80, 8.9.x prior to 8.9.14, 9.x prior to 9.0.12, or 9.1.x prior to 9.1.7. It is, therefore, affected by a vulnerability. - Drupal core's sanitization API fails to properly filter...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this relea...