XSS in Drupal Core

CVE-2020-13672

Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (68.5th percentile) — read the EPSS interpretation.