Vulnerabilities > Drupal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2020-13677 | Unspecified vulnerability in Drupal Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. | 7.5 |
2021-11-17 | CVE-2021-41165 | CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
2021-11-17 | CVE-2021-41164 | CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 8.8 |
2021-06-11 | CVE-2020-13688 | Cross-site Scripting vulnerability in Drupal Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. | 6.1 |
2021-06-09 | CVE-2021-33829 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | 6.1 |
2021-05-17 | CVE-2020-13667 | Incorrect Default Permissions vulnerability in Drupal Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. | 5.3 |