Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2023-05-01 CVE-2018-25085 Cross-site Scripting vulnerability in Drupal Responsive Menus 7.X1.7
A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal.
network
low complexity
drupal CWE-79
4.8
2023-04-26 CVE-2023-31250 Incorrect Authorization vulnerability in Drupal
The file download facility doesn't sufficiently sanitize file paths in certain situations.
network
low complexity
drupal CWE-863
6.5
2023-04-26 CVE-2022-25276 Cross-site Scripting vulnerability in Drupal
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain.
network
low complexity
drupal CWE-79
6.1
2023-04-26 CVE-2022-25277 Unrestricted Upload of File with Dangerous Type vulnerability in Drupal
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010).
network
low complexity
drupal CWE-434
7.2
2023-04-26 CVE-2022-25278 Unspecified vulnerability in Drupal
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly.
network
low complexity
drupal
6.5
2023-04-26 CVE-2022-25273 Improper Input Validation vulnerability in Drupal
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation.
network
low complexity
drupal CWE-20
7.5
2023-04-26 CVE-2022-25274 Incorrect Authorization vulnerability in Drupal
Drupal 9.3 implemented a generic entity access API for entity revisions.
network
low complexity
drupal CWE-863
5.4
2023-04-26 CVE-2022-25275 Unspecified vulnerability in Drupal
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
network
low complexity
drupal
7.5
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
2022-07-20 CVE-2022-31160 Cross-site Scripting vulnerability in multiple products
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.
network
low complexity
jqueryui netapp drupal fedoraproject debian CWE-79
6.1