|
21
|
7.5
5.0
|
HIGH
Network
|
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values…
|
-
|
CVE-2022-24775
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 8.0.0
|
|
|
9.3.9 9.2.16
|
2024-11-21 15:51
2022-03-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
7.5
5.0
|
HIGH
Network
|
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog inp…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2022-24729
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 8.0.0
|
|
|
9.3.8 9.2.15
|
2024-11-21 15:50
2022-03-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
5.4
3.5
|
MEDIUM
Network
|
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to ver…
|
CWE-79
Cross-site Scripting
|
CVE-2022-24728
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 8.0.0
|
|
|
9.3.8 9.2.15
|
2024-11-21 15:50
2022-03-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
6.5
4.0
|
MEDIUM
Network
|
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not autho…
|
CWE-863
Incorrect Authorization
|
CVE-2022-25270
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 9.2.0
|
|
|
9.3.6 9.2.13
|
2024-11-21 15:51
2022-02-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
7.5
4.3
|
HIGH
Network
|
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values …
|
CWE-20
Improper Input Validation
|
CVE-2022-25271
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 9.2.0 7.0.0
|
|
|
9.3.6 9.2.13 7.88
|
2024-11-21 15:51
2022-02-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
7.5
4.3
|
HIGH
Network
|
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API modul…
|
NVD-CWE-Other
|
CVE-2020-13677
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.0.0
|
|
|
9.2.6 9.1.13 8.9.19
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
6.5
4.0
|
MEDIUM
Network
|
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which come…
|
CWE-863
Incorrect Authorization
|
CVE-2020-13676
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.9.0
|
|
|
9.2.6 9.1.13 8.9.19
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
9.8
7.5
|
CRITICAL
Network
|
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker migh…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13675
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.0.0
|
|
|
9.2.6 9.1.13 8.9.19
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
6.5
4.3
|
MEDIUM
Network
|
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affe…
|
CWE-352
Origin Validation Error
|
CVE-2020-13674
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.9.0
|
|
|
9.2.6 9.1.13 8.9.19
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
6.1
2.6
|
MEDIUM
Network
|
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions pr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13672
|
cpe:2.3:a:drupal:drupal:*:*
|
9.1.0 9.0.0 8.9.0
|
|
|
9.1.7 9.0.12 8.9.14 7.80
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|