|
31
|
7.5
5.0
|
HIGH
Network
|
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the I…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13670
|
cpe:2.3:a:drupal:drupal:*:*
|
9.0.0 8.9.0 8.8.0
|
|
|
9.0.6 8.9.6 8.8.10
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
6.1
4.3
|
MEDIUM
Network
|
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13669
|
cpe:2.3:a:drupal:drupal:*:*
|
9.0.0 8.9.0 8.8.0
|
|
|
9.0.6 8.9.6 8.8.10
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
6.1
4.3
|
MEDIUM
Network
|
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13668
|
cpe:2.3:a:drupal:drupal:*:*
|
9.0.0 8.9.0 8.8.0
|
|
|
9.0.6 8.9.6 8.8.10
|
2024-11-21 14:01
2022-02-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
5.4
3.5
|
MEDIUM
Network
|
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerab…
|
-
|
CVE-2021-41165
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.9.0
|
|
|
9.2.9 9.1.14 8.9.20
|
2024-11-21 15:25
2021-11-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
5.4
3.5
|
MEDIUM
Network
|
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Th…
|
-
|
CVE-2021-41164
|
cpe:2.3:a:drupal:drupal:*:*
|
9.2.0 9.1.0 8.9.0
|
|
|
9.2.9 9.1.14 8.9.20
|
2024-11-21 15:25
2021-11-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
6.1
4.3
|
MEDIUM
Network
|
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. T…
|
-
|
CVE-2021-41184
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 9.2.0 7.0
|
|
|
9.3.3 9.2.11 7.86
|
2024-11-21 15:25
2021-10-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
6.1
4.3
|
MEDIUM
Network
|
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted …
|
-
|
CVE-2021-41183
|
cpe:2.3:a:drupal:drupal:*:*
|
9.3.0 9.2.0 7.0
|
|
|
9.3.3 9.2.11 7.86
|
2024-11-21 15:25
2021-10-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
6.1
4.3
|
MEDIUM
Network
|
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted co…
|
-
|
CVE-2021-41182
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0
|
|
|
7.86
|
2024-11-21 15:25
2021-10-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
8.8
6.8
|
HIGH
Network
|
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
|
CWE-352
Origin Validation Error
|
CVE-2020-13663
|
cpe:2.3:a:drupal:drupal:*:*
|
9.0.0 8.9.0 8.8.0 7.0
|
|
|
9.0.1 8.9.1 8.8.8 7.72
|
2024-11-21 14:01
2021-06-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
6.1
4.3
|
MEDIUM
Network
|
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13688
|
cpe:2.3:a:drupal:drupal:*:*
|
9.0.0 8.9.0 8.8.0
|
|
|
9.0.6 8.9.6 8.8.10
|
2024-11-21 14:01
2021-06-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|