Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2022-02-17 CVE-2022-25270 Incorrect Authorization vulnerability in Drupal
The Quick Edit module does not properly check entity access in some circumstances.
network
low complexity
drupal CWE-863
6.5
2022-02-16 CVE-2022-25271 Improper Input Validation vulnerability in multiple products
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation.
network
low complexity
drupal fedoraproject CWE-20
7.5
2022-02-11 CVE-2020-13668 Cross-site Scripting vulnerability in Drupal
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13669 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13670 Exposure of Resource to Wrong Sphere vulnerability in Drupal
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.
network
low complexity
drupal CWE-668
7.5
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13673 Cross-site Scripting vulnerability in Drupal Entity Embed 8.X1.0/8.X1.1/8.X1.2
The Entity Embed module provides a filter to allow embedding entities in content fields.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13674 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
network
low complexity
drupal CWE-352
6.5
2022-02-11 CVE-2020-13675 Unrestricted Upload of File with Dangerous Type vulnerability in Drupal
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs.
network
low complexity
drupal CWE-434
critical
9.8
2022-02-11 CVE-2020-13676 Incorrect Authorization vulnerability in Drupal
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.
network
low complexity
drupal CWE-863
6.5