Описание
Drupal Core Cross-site scripting vulnerability
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Пакеты
drupal/core
>= 8.8.0, < 8.8.10
8.8.10
drupal/core
>= 8.9.0, < 8.9.6
8.9.6
drupal/core
>= 9.0.0, < 9.0.6
9.0.6
drupal/core
>= 7.0.0, < 7.73
7.73
drupal/drupal
>= 7.0.0, < 7.73
7.73
drupal/drupal
>= 8.8.0, < 8.8.10
8.8.10
drupal/drupal
>= 8.9.0, < 8.9.6
8.9.6
drupal/drupal
>= 9.0.0, < 9.0.6
9.0.6
Связанные уязвимости
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...
Уязвимость ядра CMS-системы Drupal, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных