FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Multiple Vulnerabilities

Affected packages
		drupal7	<	7.72

Details

VuXML ID	95d9d986-1078-11eb-ab74-4c72b94353b5
Discovery	2020-09-16
Entry	2020-10-17

Drupal Security Team reports:

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

[source]

References

URL	https://www.drupal.org/sa-core-2020-007

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.