FreshPorts - VuXML

Drupal Security Team reports:

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

< 7.72

Drupal Security Team reports:

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are: ... Security issues in jQuerys DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub.

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

< 7.70

< 8.8.6

Drupal Security team reports:

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

gt 7.0 lt 7.80

Drupal Security Team reports:

The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

< 7.72