EPSS
Percentile
56.3%
drupal/drupal is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the inclusion of a vulnerable jQuery which allows untrusted domains request through AJAX requests, allowing XSS to occur.
bugzilla.redhat.com/show_bug.cgi?id=1548196
github.com/drupal/drupal/commit/2983a0d440ed8871a109237d145e5efabe0490ee
www.drupal.org/sa-core-2018-001