Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-01 | CVE-2018-25085 | Cross-site Scripting vulnerability in Drupal Responsive Menus 7.X1.7 A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. | 4.8 |
| 2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. | 6.5 |
| 2023-04-26 | CVE-2022-25276 | Cross-site Scripting vulnerability in Drupal The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. | 6.1 |
| 2023-04-26 | CVE-2022-25277 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). | 7.2 |
| 2023-04-26 | CVE-2022-25278 | Unspecified vulnerability in Drupal Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. | 6.5 |
| 2023-04-26 | CVE-2022-25273 | Improper Input Validation vulnerability in Drupal Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
| 2023-04-26 | CVE-2022-25274 | Incorrect Authorization vulnerability in Drupal Drupal 9.3 implemented a generic entity access API for entity revisions. | 5.4 |
| 2023-04-26 | CVE-2022-25275 | Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. | 7.5 |
| 2022-09-28 | CVE-2022-39261 | Path Traversal vulnerability in multiple products Twig is a template language for PHP. | 7.5 |
| 2022-07-20 | CVE-2022-31160 | Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |