EPSS
Percentile
31.5%
drupal/drupal is vulnerable to cross-site request forgery (CSRF). The Form API does not properly handle certain form input from cross-site requests, which allow remote attackers to submit requests on behalf of the authenticated user.
www.drupal.org/sa-core-2020-004