๐ [SA-CORE-2020-007] Added escaping to the API to prevent XSS attack
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: portal.patchman.co
The Drupal AJAX API did not disable JSONP by default, which could lead to cross-site scripting.
This vulnerability affects the following application versions:
- Drupal 8.0.0
- Drupal 8.0.1
- Drupal 8.0.2
- Drupal 8.0.3
- Drupal 8.0.4
- Drupal 8.0.5
- Drupal 8.0.6
- Drupal 8.1.0
- Drupal 8.1.1
- Drupal 8.1.2
- Drupal 8.1.3
- Drupal 8.1.4
- Drupal 8.1.5
- Drupal 8.1.6
- Drupal 8.1.7
- Drupal 8.1.8
- Drupal 8.1.9
- Drupal 8.1.10
- Drupal 8.2.0
- Drupal 8.2.1
- Drupal 8.2.2
- Drupal 8.2.3
- Drupal 8.2.4
- Drupal 8.2.5
- Drupal 8.2.6
- Drupal 8.2.7
- Drupal 8.2.8
- Drupal 8.3.0
- Drupal 8.3.1
- Drupal 8.3.2
- Drupal 8.3.3
- Drupal 8.3.4
- Drupal 8.3.5
- Drupal 8.3.6
- Drupal 8.3.7
- Drupal 8.3.8
- Drupal 8.3.9
- Drupal 8.4.0
- Drupal 8.4.1
- Drupal 8.4.2
- Drupal 8.4.3
- Drupal 8.4.4
- Drupal 8.4.5
- Drupal 8.4.6
- Drupal 8.4.7
- Drupal 8.4.8
- Drupal 8.5.0
- Drupal 8.5.1
- Drupal 8.5.2
- Drupal 8.5.3
- Drupal 8.5.4
- Drupal 8.5.5
- Drupal 8.5.6
- Drupal 8.5.7
- Drupal 8.5.8
- Drupal 8.5.9
- Drupal 8.5.10
- Drupal 8.5.11
- Drupal 8.5.12
- Drupal 8.5.13
- Drupal 8.5.14
- Drupal 8.5.15
- Drupal 8.6.0
- Drupal 8.6.1
- Drupal 8.6.2
- Drupal 8.6.3
- Drupal 8.6.4
- Drupal 8.6.5
- Drupal 8.6.6
- Drupal 8.6.7
- Drupal 8.6.8
- Drupal 8.6.9
- Drupal 8.6.10
- Drupal 8.6.11
- Drupal 8.6.12
- Drupal 8.6.13
- Drupal 8.6.14
- Drupal 8.6.15
- Drupal 8.6.16
- Drupal 8.6.17
- Drupal 8.6.18
- Drupal 8.7.0
- Drupal 8.7.1
- Drupal 8.7.2
- Drupal 8.7.3
- Drupal 8.7.4
- Drupal 8.7.5
- Drupal 8.7.6
- Drupal 8.7.7
- Drupal 8.7.8
- Drupal 8.7.9
- Drupal 8.7.10
- Drupal 8.7.11
- Drupal 8.7.12
- Drupal 8.7.13
- Drupal 8.7.14
- Drupal 8.8.0
- Drupal 8.8.1
- Drupal 8.8.2
- Drupal 8.8.3
- Drupal 8.8.4
- Drupal 8.8.5
- Drupal 8.8.6
- Drupal 8.8.7
- Drupal 8.8.8
- Drupal 8.8.9
- Drupal 8.9.0
- Drupal 8.9.1
- Drupal 8.9.2
- Drupal 8.9.3
- Drupal 8.9.4
- Drupal 8.9.5
- Drupal 9.0.0
- Drupal 9.0.1
- Drupal 9.0.2
- Drupal 9.0.3
- Drupal 9.0.4
- Drupal 9.0.5