| 211501 | 6.5 | MEDIUM Network | drupal | drupal | The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which come… | CWE-863 Incorrect Authorization | CVE-2020-13676 | 2024-11-21 14:01 | 2022-02-12 |
| 211502 | 9.8 | CRITICAL Network | drupal | drupal | Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker migh… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-13675 | 2024-11-21 14:01 | 2022-02-12 |
| 211503 | 6.5 | MEDIUM Network | drupal | drupal | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affe… | CWE-352 Origin Validation Error | CVE-2020-13674 | 2024-11-21 14:01 | 2022-02-12 |
| 211504 | 6.1 | MEDIUM Network | drupal | entity_embed | The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is ac… | CWE-79 Cross-site Scripting | CVE-2020-13673 | 2024-11-21 14:01 | 2022-02-12 |
| 211505 | 6.1 | MEDIUM Network | drupal | drupal | Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions pr… | CWE-79 Cross-site Scripting | CVE-2020-13672 | 2024-11-21 14:01 | 2022-02-12 |
| 211506 | 7.5 | HIGH Network | drupal | drupal | Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the I… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2020-13670 | 2024-11-21 14:01 | 2022-02-12 |
| 211507 | 6.1 | MEDIUM Network | drupal | drupal | Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.… | CWE-79 Cross-site Scripting | CVE-2020-13669 | 2024-11-21 14:01 | 2022-02-12 |
| 211508 | 6.1 | MEDIUM Network | drupal | drupal | Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8… | CWE-79 Cross-site Scripting | CVE-2020-13668 | 2024-11-21 14:01 | 2022-02-12 |
| 211509 | 6.1 | MEDIUM Network | outsystems | lifetime_management_console platform_server outsystems | A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store m… | CWE-79 Cross-site Scripting | CVE-2020-13639 | 2024-11-21 14:01 | 2021-08-31 |
| 211510 | 8.8 | HIGH Network | rukovoditel | rukovoditel | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit … | CWE-89 SQL Injection | CVE-2020-13589 | 2024-11-21 14:01 | 2021-08-18 |