[MEDIUM] Drupal core allows Cross-Site Scripting (XSS)

PKSA-787q-p7fn-mcw7 CVE-2026-6367 GHSA-pw6f-3999-xp7g

Affected package: drupal/core

Affected version: >=11.3.0,<11.3.7

Reported by:
GitHub