Vulnerabilities > Drupal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-45440 | Information Exposure Through an Error Message vulnerability in Drupal 20230509 core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | 5.3 |
| 2023-05-01 | CVE-2018-25085 | Cross-site Scripting vulnerability in Drupal Responsive Menus A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. | 4.8 |
| 2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. | 6.5 |
| 2023-04-26 | CVE-2022-25276 | Cross-site Scripting vulnerability in Drupal The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. | 6.1 |
| 2023-04-26 | CVE-2022-25278 | Unspecified vulnerability in Drupal Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. | 6.5 |
| 2023-04-26 | CVE-2022-25274 | Incorrect Authorization vulnerability in Drupal Drupal 9.3 implemented a generic entity access API for entity revisions. | 5.4 |
| 2022-07-20 | CVE-2022-31160 | Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.4 |
| 2022-02-17 | CVE-2022-25270 | Incorrect Authorization vulnerability in Drupal The Quick Edit module does not properly check entity access in some circumstances. | 6.5 |
| 2022-02-11 | CVE-2020-13668 | Cross-site Scripting vulnerability in Drupal Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. | 6.1 |