XSS in Drupal Core

CVE-2020-13669

Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (42.4th percentile) — read the EPSS interpretation.

Affected products

Drupal Core — versions 8.8.x, 8.9.x, 9.0.x

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.drupal.org/sa-core-2020-010 (x_refsource_CONFIRM)