GHSA-pw6f-3999-xp7gMediumCVSS 6.1

Drupal core allows Cross-Site Scripting (XSS)

Published
May 20, 2026
Last Modified
June 5, 2026

🔗 CVE IDs covered (1)

📋 Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).

This issue affects Drupal core: from 11.3.0 before 11.3.7.

🎯 Affected products1

  • composer/drupal/core:>= 11.3.0, < 11.3.7

🔗 References (3)