Security Alert (A21-04-09): Vulnerability in Drupal
23 April 2021
Drupal has released a security advisory to address a vulnerability of improper sanitisation of API requests in Drupal Core. A remote attacker may send specially crafted API requests to a vulnerable system to exploit the vulnerability.
Please note that Drupal 8 prior to version 8.9.x has reached its End-Of-Life (EOL). No security updates will be provided after that. Users should arrange upgrading the Drupal to supported versions or migrating to other supported technology.
Drupal version 7.x
Drupal version 8.9.x
Drupal version 9.0.x
Drupal version 9.1.x
A successful attack could lead to cross site scripting on an affected system.
The product vendor has released patches to address the issues.