Vulnerabilities > Drupal > Drupal > 7.11

DATE CVE VULNERABILITY TITLE RISK
2023-04-26 CVE-2023-31250 Incorrect Authorization vulnerability in Drupal
The file download facility doesn't sufficiently sanitize file paths in certain situations.
network
low complexity
drupal CWE-863
6.5
2023-04-26 CVE-2022-25275 Unspecified vulnerability in Drupal
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
network
low complexity
drupal
7.5
2022-02-16 CVE-2022-25271 Improper Input Validation vulnerability in multiple products
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation.
network
low complexity
drupal fedoraproject CWE-20
7.5
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
network
low complexity
drupal CWE-79
6.1
2021-10-26 CVE-2021-41182 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-26 CVE-2021-41183 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-26 CVE-2021-41184 jQuery-UI is the official jQuery user interface library. 6.1
2021-06-11 CVE-2020-13663 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
network
low complexity
drupal CWE-352
8.8
2021-05-05 CVE-2020-13662 Open Redirect vulnerability in Drupal
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
network
low complexity
drupal CWE-601
6.1
2021-05-05 CVE-2020-13666 Cross-site Scripting vulnerability in Drupal
Cross-site scripting vulnerability in Drupal Core.
network
low complexity
drupal CWE-79
6.1