Vulnerabilities > Drupal > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2020-13688 Cross-site Scripting vulnerability in Drupal
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
network
low complexity
drupal CWE-79
6.1
2021-06-09 CVE-2021-33829 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
network
low complexity
ckeditor fedoraproject drupal debian CWE-79
6.1
2021-05-17 CVE-2020-13667 Incorrect Default Permissions vulnerability in Drupal
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions.
network
low complexity
drupal CWE-276
5.3
2021-05-05 CVE-2020-13662 Open Redirect vulnerability in Drupal
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
network
low complexity
drupal CWE-601
6.1
2021-05-05 CVE-2020-13666 Cross-site Scripting vulnerability in Drupal
Cross-site scripting vulnerability in Drupal Core.
network
low complexity
drupal CWE-79
6.1
2020-04-29 CVE-2020-11022 Cross-site Scripting vulnerability in multiple products
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-04-29 CVE-2020-11023 Cross-site Scripting vulnerability in multiple products
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1
2020-02-18 CVE-2013-4226 Missing Authorization vulnerability in Drupal Authenticated User Page Caching
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
network
low complexity
drupal CWE-862
6.5
2020-01-14 CVE-2011-2714 Cross-site Scripting vulnerability in Drupal Data and Drupal
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
network
low complexity
drupal CWE-79
6.1