UNKNOWN

DRUPAL-CORE-2023-004

Platform: drupal

Component: drupal

Fixed in: 9.4.12

Drupal core provides a page that outputs the markup from `phpinfo()` to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the attack. This vulnerability is mitigated by the fact that a successful XSS exploit is required in order to exploit it.

How to fix

No official patch available. Check for workarounds or monitor for updates.
