Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

Project: Drupal coreDate: 2021-April-21Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingDescription: Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.Solution: Install the latest version:

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.Reported By: 

Fixed By: 

Path to article https://www.drupal.org/sa-core-2021-002