A jQuery cross site scripting vulnerability is present when making Ajax
requests to untrusted domains. This vulnerability is mitigated by the fact
that it requires contributed or custom modules in order to exploit. For
Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the
Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current
release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal
7 core) as well as for other newer versions of jQuery that might be used on
the site, for example using the jQuery Update module.
Upstream:released (7.57-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-09-09 21:36:01 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)