Security News

Information Disclosure, XSS Vulnerabilities Patched in Drupal
2020-09-17 14:39

Several information disclosure and cross-site scripting vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system. The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9.

Drupal fixes three vulnerabilities, including one RCE
2020-06-19 10:45

Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which could be exploited to achieve remote code execution. Drupal is a free and open-source web content management system, and over a million sites run on various versions of it.

Drupal Patches Code Execution Flaw Most Likely to Impact Windows Servers
2020-06-18 12:37

Updates released this week by Drupal patch several vulnerabilities, including a flaw that could allow an attacker to execute arbitrary PHP code. The code execution vulnerability, tracked as CVE-2020-13664, can be exploited against Drupal 8 and 9 installations, but only in certain circumstances.

XSS, Open Redirect Vulnerabilities Patched in Drupal
2020-05-21 12:26

The latest Drupal updates patch cross-site scripting and open redirect vulnerabilities, but they have only been assigned "Moderately critical" severity ratings. Drupal 7.70 fixes an open redirect vulnerability related to "Insufficient validation of the destination query parameter in the drupal_goto() function." An attacker can exploit the flaw to redirect users to an arbitrary URL by getting them to click on a specially crafted link, Drupal said in its advisory.

Drupal Updates CKEditor to Patch XSS Vulnerabilities
2020-03-19 19:21

The developers of the Drupal content management system announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. Drupal uses CKEditor and it has decided to update it to version 4.14, which patches two cross-site scripting vulnerabilities affecting earlier versions of the library.

Vulnerability Related to Processing of Archive Files Patched in Drupal
2019-12-19 13:18

Drupal developers on Wednesday announced the release of versions 7.69, 8.7.11 and 8.8.1, which address several vulnerabilities, including a potentially serious file processing issue.

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
2019-12-19 06:42

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, now is the time. The Drupal development team yesterday released important security updates...

Cybercriminals using gifs to corrupt Drupal sites
2019-10-07 20:06

Hackers are taking advantage of vulnerabilities in the Drupal CMS platform by using malicious code disguised as gifs.

Vulnerability Allows Hackers to Take Control of Drupal 8 Websites
2019-07-18 05:52

Drupal developers on Wednesday informed users that version 8.7.4 is affected by a potentially serious vulnerability, and advised them to update to version 8.7.5, which addresses the issue.

Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
2019-05-09 16:00

Drupal, Typo3 and Joomla are all impacted by the bug.