Vulnerabilities > Drupal > Drupal > 9.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2020-13674 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. | 4.3 |
| 2022-02-11 | CVE-2020-13675 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. | 7.5 |
| 2022-02-11 | CVE-2020-13676 | Incorrect Authorization vulnerability in Drupal The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. | 4.0 |
| 2022-02-11 | CVE-2020-13677 | Unspecified vulnerability in Drupal Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. | 7.5 |
| 2021-11-17 | CVE-2021-41165 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41164 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-06-09 | CVE-2021-33829 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | 6.1 |