Backdrop core - Critical - Cross-site scripting - SA-CORE-2021-002
Date: Wednesday, Apr 21st, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-002
Vulnerability: Cross Site Scripting
Affected versions:
- Backdrop Core 1.18.x versions prior to 1.18.3
- Backdrop Core 1.17.x versions prior to 1.17.7
- Backdrop versions 1.16 and prior do not receive security coverage.
Backdrop core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.