James Gilliland

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 10.5.9 Drupal versions prior to 10.6.7 Drupal versions prior to 11.2.11 Drupal versions prior to 11.3.7 **Description** Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites. **Recommendations** Update to version 10.5.9 Update to version 10.6.7 Update to version 11.2.11 Update to version 11.3.7

**Name of the Vulnerable Software and Affected Versions** Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 **Description** A flaw exists in Drupal core related to the use of a web browser cache that can contain sensitive information. This is due to incorrectly configured access control security levels. **Recommendations** Update Drupal core to version 10.4.9 or later. Update Drupal core to version 10.5.6 or later. Update Drupal core to version 11.1.9 or later. Update Drupal core to version 11.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Ignition Error Pages versions 0.0.0 through 1.0.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in Drupal Ignition Error Pages. This allows for Cross-Site Scripting (XSS) attacks. **Recommendations** For Ignition Error Pages versions 0.0.0 through 1.0.3, update to version 1.0.4 or later to resolve the issue.