|
214461
|
6.1 |
MEDIUM
Network
|
drupal
|
entity_embed
|
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is ac…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13673
|
2024-11-21 14:01 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214462
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions pr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13672
|
2024-11-21 14:01 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214463
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the I…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-13670
|
2024-11-21 14:01 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214464
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13669
|
2024-11-21 14:01 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214465
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13668
|
2024-11-21 14:01 |
2022-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214466
|
6.1 |
MEDIUM
Network
|
outsystems
|
lifetime_management_console
platform_server
outsystems
|
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store m…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13639
|
2024-11-21 14:01 |
2021-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214467
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit …
|
CWE-89
SQL Injection
|
CVE-2020-13589
|
2024-11-21 14:01 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214468
|
8.8 |
HIGH
Network
|
rukovoditel
|
rukovoditel
|
An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerabl…
|
CWE-89
SQL Injection
|
CVE-2020-13588
|
2024-11-21 14:01 |
2021-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214469
|
8.8 |
HIGH
Network
|
drupal
|
drupal
|
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
|
CWE-352
Origin Validation Error
|
CVE-2020-13663
|
2024-11-21 14:01 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214470
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupa…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13688
|
2024-11-21 14:01 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
