Vulnerabilities > Drupal > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-08-29 | CVE-2024-45440 | Information Exposure Through an Error Message vulnerability in Drupal 20230509 | core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | network | low complexity | drupal | CWE-209 | 5.3 |
| 2023-05-01 | CVE-2018-25085 | Cross-site Scripting vulnerability in Drupal Responsive Menus | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. | network | low complexity | drupal | CWE-79 | 4.8 |
| 2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal | The file download facility doesn't sufficiently sanitize file paths in certain situations. | network | low complexity | drupal | CWE-863 | 6.5 |
| 2023-04-26 | CVE-2022-25276 | Cross-site Scripting vulnerability in Drupal | The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. | network | low complexity | drupal | CWE-79 | 6.1 |
| 2023-04-26 | CVE-2022-25278 | Unspecified vulnerability in Drupal | Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. | network | low complexity | drupal | | 6.5 |
| 2023-04-26 | CVE-2022-25274 | Incorrect Authorization vulnerability in Drupal | Drupal 9.3 implemented a generic entity access API for entity revisions. | network | low complexity | drupal | CWE-863 | 5.4 |
| 2022-07-20 | CVE-2022-31160 | Cross-site Scripting vulnerability in multiple products | jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | network | low complexity | jqueryui netapp drupal fedoraproject debian | CWE-79 | 6.1 |
| 2022-06-03 | CVE-2022-26493 | Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on | Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. | network | low complexity | drupal | CWE-295 | 6.5 |
| 2022-03-21 | CVE-2022-24775 | Improper Input Validation vulnerability in multiple products | guzzlehttp/psr7 is a PSR-7 HTTP message library. | network | low complexity | drupal guzzlephp | CWE-20 | 5.0 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | network | low complexity | ckeditor drupal oracle fedoraproject | CWE-79 | 5.4 |