Vulnerabilities > Drupal > Drupal > 7.19

DATE CVE VULNERABILITY TITLE RISK
2023-04-26 CVE-2023-31250 Incorrect Authorization vulnerability in Drupal
The file download facility doesn't sufficiently sanitize file paths in certain situations.
network
low complexity
drupal CWE-863
6.5
2023-04-26 CVE-2022-25275 Unspecified vulnerability in Drupal
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
network
low complexity
drupal
7.5
2022-02-16 CVE-2022-25271 Improper Input Validation vulnerability in multiple products
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation.
network
low complexity
drupal fedoraproject CWE-20
7.5
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
network
high complexity
drupal CWE-79
2.6
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41184 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-06-11 CVE-2020-13663 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
network
drupal CWE-352
6.8
2021-05-05 CVE-2020-13662 Open Redirect vulnerability in Drupal
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
network
drupal CWE-601
5.8
2021-01-18 CVE-2020-36193 Link Following vulnerability in multiple products
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
network
low complexity
php fedoraproject debian drupal CWE-59
7.5