drupal.org – Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might …
Tweeted by @TheHackersNews https://twitter.com/TheHackersNews/status/1384952148706926593
Drupal core – Critical – Cross-site scripting – SA-CORE-2021-002