drupal/drupal is vulnerable to cross-site scripting (XSS) attacks. The checkPlain
function doesn’t properly sanitize escape characters, allowing a malicious user to inject and execute arbitrary Javascript.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/drupal | le | 8.4.4 | |
drupal/core | le | 8.4.4 |