Vulnerabilities > Drupal > Drupal > 9.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2020-13669 | Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. | 4.3 |
| 2022-02-11 | CVE-2020-13670 | Exposure of Resource to Wrong Sphere vulnerability in Drupal Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. | 5.0 |
| 2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. | 2.6 |
| 2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 6.8 |
| 2021-06-11 | CVE-2020-13688 | Cross-site Scripting vulnerability in Drupal Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. | 4.3 |
| 2021-06-09 | CVE-2021-33829 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | 6.1 |
| 2021-05-17 | CVE-2020-13667 | Incorrect Default Permissions vulnerability in Drupal Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. | 4.3 |
| 2021-05-05 | CVE-2020-13664 | Command Injection vulnerability in Drupal Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. | 9.3 |
| 2021-05-05 | CVE-2020-13665 | Unspecified vulnerability in Drupal Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. | 7.5 |
| 2021-01-18 | CVE-2020-36193 | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |