7.73

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-26	CVE-2023-31250	Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. network low complexity drupal CWE-863	6.5
2023-04-26	CVE-2022-25275	Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. network low complexity drupal	7.5
2022-02-16	CVE-2022-25271	Improper Input Validation vulnerability in multiple products Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. network low complexity drupal fedoraproject CWE-20	7.5
2022-02-11	CVE-2020-13672	Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. network high complexity drupal CWE-79	2.6
2021-10-26	CVE-2021-41182	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp debian drupal oracle tenable CWE-79	6.1
2021-10-26	CVE-2021-41183	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp debian drupal oracle tenable CWE-79	6.1
2021-10-26	CVE-2021-41184	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp drupal tenable oracle CWE-79	6.1
2021-01-18	CVE-2020-36193	Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. network low complexity php fedoraproject debian drupal CWE-59	7.5
2020-11-20	CVE-2020-13671	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. network low complexity drupal fedoraproject CWE-434	8.8
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8