The open-source content management system has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core. One of the flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called JQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in the CMS. The rest of the vulnerabilities reside in Symfony PHP components used by Drupal Core that could result in remote code execution and authentication bypass attacks.
Source: https://thehackernews.com/2019/04/drupal-security-update.html