CVE-2020-13688

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6

Description A cross-site scripting issue in Drupal Core allows an attacker to exploit the way HTML is rendered for affected forms. This could potentially impact the integrity of data. The issue is related to the lack of protection measures for the structure of web pages.

Recommendations For versions prior to 8.8.10, update to version 8.8.10 or later. For versions prior to 8.9.6, update to version 8.9.6 or later. For versions prior to 9.0.6, update to version 9.0.6 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2021-04622

BIT-DRUPAL-2020-13688

CVE-2020-13688

DRUPAL-CORE-2020-009

GHSA-QF2G-MRRX-RR5P

Affected Products

Drupal Core

CVE-2020-13688

Weakness Enumeration

Related Identifiers

Affected Products

References · 8