The Drupal Security Team announced on February 23rd 2022, a moderately critical Cross-Site Scripting (XSS) vulnerability in the Entity Reference Tree Widget module SA-CONTRIB-2022-026.
Drupal Security Team announced a Cross-Site Scripting (XSS) vulnerability SA-CONTRIB-2022-024 that has low criticality index in the Custom Breadcrumbs Module on February 9th, 2022.
The Drupal Security Team announced a moderately critical Cross-site Scripting-SA-CONTRIB-2022-011 Vulnerability in Navbar module in Drupal 7on January 25th, 2022.
A Drupal security advisory was announced against a moderately critical XSS vulnerability (SA-CONTRIB-2022-004) in the vendor library, jQuery UI, on January 19th, 2022
The Drupal security team announced a moderately critical cross site scripting (XSS) vulnerability SA-CONTRIB-2022-003 in WYSIWYG Drupal 7 on 2022, January 5th.
The Drupal security team has issued on December 8th, 2021 critical cross-site scripting (XSS) and access bypass vulnerability for webform (SA-CONTRIB-2021-045).
CKEditor has released a security update SA- Core-2021-011 that impacts Drupal. The issue, dated November 17, 2021, is classified as a moderately critical cross-site scripting (XSS) vulnerability.