Vulnerabilities > Drupal > Drupal > 7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. | 6.5 |
2023-04-26 | CVE-2022-25275 | Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. | 7.5 |
2022-02-16 | CVE-2022-25271 | Improper Input Validation vulnerability in multiple products Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. | 2.6 |
2021-10-26 | CVE-2021-41182 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41183 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 6.8 |
2021-05-05 | CVE-2020-13662 | Open Redirect vulnerability in Drupal Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. | 5.8 |
2021-01-18 | CVE-2020-36193 | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |