Description
Drupal Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to inject disallowed values into forms or overwrite data. Drupal Core versions 9.3.x ranging from 9.3.0 and up to and including 9.3.5 are vulnerable.
Remediation
Update to Drupal Core version 9.3.6 or latest
References
Related Vulnerabilities
Oracle Database Server CVE-2011-2322 Vulnerability (CVE-2011-2322)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.0.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)
WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)