Moderate severityNVD Advisory· Published Feb 11, 2022· Updated Aug 4, 2024
CVE-2020-13672
CVE-2020-13672
Description
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 7.0.0, < 7.80 | 7.80 |
drupal/corePackagist | >= 8.0.0, < 8.9.14 | 8.9.14 |
drupal/corePackagist | >= 9.0.0, < 9.0.12 | 9.0.12 |
drupal/corePackagist | >= 9.1.0, < 9.1.7 | 9.1.7 |
drupal/drupalPackagist | >= 7.0.0, < 7.80 | 7.80 |
drupal/drupalPackagist | >= 8.0.0, < 8.9.14 | 8.9.14 |
drupal/drupalPackagist | >= 9.0.0, < 9.0.12 | 9.0.12 |
drupal/drupalPackagist | >= 9.1.0, < 9.1.7 | 9.1.7 |
Affected products
4- osv-coords3 versions
< 7.80.0+ 2 more
- (no CPE)range: < 7.80.0
- (no CPE)range: >= 7.0.0, < 7.80
- (no CPE)range: >= 7.0.0, < 7.80
- Drupal/Corev5Range: 9.1.x
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3m36-mjwj-352cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13672ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yamlghsaWEB
- www.drupal.org/sa-core-2021-002ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.