1 matches found
Cross-site Scripting (XSS)
drupal/drupal is vulnerable to cross-site scripting XSS attacks. The checkPlain function doesn't properly sanitize escape characters, allowing a malicious user to inject and execute arbitrary Javascript...