Security Alert (A20-05-05): Multiple Vulnerabilities in Drupal
22 May 2020
Drupal has released security advisories to address cross-site scripting and open redirect vulnerabilities in the jQuery library and the “drupal_goto” function of Drupal Core. A remote attacker may send specially crafted HTTP requests to exploit the vulnerabilities.
Please note that Drupal 8 prior to version 8.7 reached its End-of-Life (EOL) in December 2019. No security updates will be provided after that. Users should arrange to upgrade Drupal to a supported version or migrate to another supported technology.
Drupal version 7.x
Drupal version 8.7.x and 8.8.x
A successful attack could lead to cross-site scripting on an affected system or to users being redirected to malicious websites.
The product vendor has released patches to address the issues.