Vulnerabilities > Drupal > Drupal > 7.72
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. | 6.5 |
2023-04-26 | CVE-2022-25275 | Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. | 7.5 |
2022-02-16 | CVE-2022-25271 | Improper Input Validation vulnerability in multiple products Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. | 2.6 |
2021-10-26 | CVE-2021-41182 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41183 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-01-18 | CVE-2020-36193 | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |
2020-11-20 | CVE-2020-13671 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. | 8.8 |
2020-11-19 | CVE-2020-28949 | Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. | 7.8 |