CVE-2020-13666
05.05.2021, 14:15
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
| Vendor | Product | Version |
|---|---|---|
| drupal | drupal | 7.0 ≤ 𝑥 < 7.73 |
| drupal | drupal | 8.8.0 ≤ 𝑥 < 8.8.10 |
| drupal | drupal | 8.9.0 ≤ 𝑥 < 8.9.6 |
| drupal | drupal | 9.0.0 ≤ 𝑥 < 9.0.6 |
𝑥
= Vulnerable software versions
Ubuntu Releases