Drupal · Drupal · CVE-2026-6365
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 10.5.9
Drupal versions prior to 10.6.7
Drupal versions prior to 11.2.11
Drupal versions prior to 11.3.7
**Description**
Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites.
**Recommendations**
Update to version 10.5.9
Update to version 10.6.7
Update to version 11.2.11
Update to version 11.3.7