Vulnerabilities > Drupal > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2020-13669 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13673 Cross-site Scripting vulnerability in Drupal Entity Embed 8.X1.0/8.X1.1/8.X1.2
The Entity Embed module provides a filter to allow embedding entities in content fields.
network
low complexity
drupal CWE-79
6.1
2022-02-11 CVE-2020-13674 Cross-Site Request Forgery (CSRF) vulnerability in Drupal
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
network
low complexity
drupal CWE-352
6.5
2022-02-11 CVE-2020-13676 Incorrect Authorization vulnerability in Drupal
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.
network
low complexity
drupal CWE-863
6.5
2021-11-17 CVE-2021-41165 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle CWE-79
5.4
2021-11-17 CVE-2021-41164 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject CWE-79
5.4
2021-10-26 CVE-2021-41182 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41183 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1
2021-10-26 CVE-2021-41184 Cross-site Scripting vulnerability in multiple products
jQuery-UI is the official jQuery user interface library.
6.1