EPSS
Percentile
24.4%
drupal is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the attribute_name parameter.
attribute_name
security-tracker.debian.org/tracker/CVE-2020-13672
www.drupal.org/sa-core-2021-002