CVE-2020-13669

MEDIUM

Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting in CKEditor

Title source: llm

Description

Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.drupal.org/sa-core-2020-010

Scores

CVSS v3 6.1

EPSS 0.0020

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

drupal/core 8.0.0 - 8.8.10Packagist

drupal/drupal 8.0.0 - 8.8.10Packagist

drupal/drupal 8.8.0 - 8.8.10

Published Feb 11, 2022

Tracked Since Feb 18, 2026