CVE-2020-13668: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 12, 2022 (updated February 26, 2022)

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

References

github.com/advisories/GHSA-m6q5-wv4x-fv6h
nvd.nist.gov/vuln/detail/CVE-2020-13668
www.drupal.org/sa-core-2020-009

Code Behaviors & Features

Detect and mitigate CVE-2020-13668 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →