Vulnerabilities > Drupal > Drupal > 8.8.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2020-13669 | Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. | 4.3 |
| 2022-02-11 | CVE-2020-13670 | Exposure of Resource to Wrong Sphere vulnerability in Drupal Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. | 5.0 |
| 2022-02-11 | CVE-2020-13675 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. | 7.5 |
| 2022-02-11 | CVE-2020-13677 | Unspecified vulnerability in Drupal Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. | 7.5 |
| 2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 6.8 |
| 2021-06-11 | CVE-2020-13688 | Cross-site Scripting vulnerability in Drupal Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. | 4.3 |
| 2021-05-17 | CVE-2020-13667 | Incorrect Default Permissions vulnerability in Drupal Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. | 4.3 |
| 2021-05-05 | CVE-2020-13664 | Command Injection vulnerability in Drupal Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. | 9.3 |
| 2021-05-05 | CVE-2020-13665 | Unspecified vulnerability in Drupal Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. | 7.5 |
| 2020-11-20 | CVE-2020-13671 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. | 8.8 |