Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| drupal/core(Packagist) | 7.0.0 | 7.80 | N/A |
| drupal/core(Packagist) | 8.0.0 | 8.9.14 | N/A |
| drupal/core(Packagist) | 9.0.0 | 9.0.12 | N/A |
| drupal/core(Packagist) | 9.1.0 | 9.1.7 | N/A |
| drupal/drupal(Packagist) | 7.0.0 | 7.80 | N/A |
| drupal/drupal(Packagist) | 8.0.0 | 8.9.14 | N/A |
| drupal/drupal(Packagist) | 9.0.0 | 9.0.12 | N/A |
| drupal/drupal(Packagist) | 9.1.0 | 9.1.7 | N/A |
CVSS Metrics
