Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7, 9.0.12, 8.9.14 and 7.80.
Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7, 9.0.12, 8.9.14 and 7.80.
https://www.drupal.org/sa-core-2021-002 https://github.com/drupal/drupal/commit/0d8712d87216b3dfccc511cff3cf2f753620a5ee