Security News
Several information disclosure and cross-site scripting vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system. The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9.
Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which could be exploited to achieve remote code execution. Drupal is a free and open-source web content management system, and over a million sites run on various versions of it.
Updates released this week by Drupal patch several vulnerabilities, including a flaw that could allow an attacker to execute arbitrary PHP code. The code execution vulnerability, tracked as CVE-2020-13664, can be exploited against Drupal 8 and 9 installations, but only in certain circumstances.
The latest Drupal updates patch cross-site scripting and open redirect vulnerabilities, but they have only been assigned "Moderately critical" severity ratings. Drupal 7.70 fixes an open redirect vulnerability related to "Insufficient validation of the destination query parameter in the drupal_goto() function." An attacker can exploit the flaw to redirect users to an arbitrary URL by getting them to click on a specially crafted link, Drupal said in its advisory.
The developers of the Drupal content management system announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. Drupal uses CKEditor and it has decided to update it to version 4.14, which patches two cross-site scripting vulnerabilities affecting earlier versions of the library.
Drupal developers on Wednesday announced the release of versions 7.69, 8.7.11 and 8.8.1, which address several vulnerabilities, including a potentially serious file processing issue.
If you haven't recently updated your Drupal-based blog or business website to the latest available versions, now is the time. The Drupal development team yesterday released important security updates...
Hackers are taking advantage of vulnerabilities in the Drupal CMS platform by using malicious code disguised as GIFs.
Drupal developers on Wednesday informed users that version 8.7.4 is affected by a potentially serious vulnerability, and advised them to update to version 8.7.5, which addresses the issue.
Drupal, Typo3 and Joomla are all impacted by the bug.