Latest drupal drupal Vulnerabilities

CVE-2024-22362
Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.
composer/drupal/core=9.3.6
Drupal Drupal=9.3.6
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading ...
Drupal Drupal>=8.7.0<9.5.11
Drupal Drupal>=10.0.0<10.0.11
Drupal Drupal>=10.1.0<10.1.4
composer/drupal/core>=10.1.0<10.1.4
composer/drupal/core>=10.0.0<10.0.11
composer/drupal/core>=8.7.0<9.5.11
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may ...
Drupal Drupal>=7.0<7.96
Drupal Drupal>=9.4<9.4.14
Drupal Drupal>=9.5<9.5.8
Drupal Drupal>=10.0<10.0.8
composer/drupal/core>=7.0.0<7.96
composer/drupal/core>=9.0.0<9.4.14
and 2 more
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could le...
Drupal Drupal>=9.3.0<9.3.19
Drupal Drupal>=9.4.0<9.4.3
composer/drupal/core>=9.4.0<9.4.3
composer/drupal/core>=8.0.0<9.3.19
CVE-2022-25274
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users w...
Drupal Drupal>=9.3.0<9.3.12
composer/drupal/core>=9.3.0<9.3.12
CVE-2022-25273
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values o...
Drupal Drupal>=8.0.0<9.2.18
Drupal Drupal>=9.3.0<9.3.12
composer/drupal/core>=9.3.0<9.3.12
composer/drupal/core>=8.0.0<9.2.18
>=8.0.0<9.2.18
>=9.3.0<9.3.12
CVE-2022-39261
Possibility to load a template outside a configured directory when using the filesystem loader
composer/twig/twig>=1.0.0<1.44.7>=2.0.0<2.15.3>=3.0.0<3.4.3
Symfony Twig>=1.0.0<1.44.7
Symfony Twig>=2.0.0<2.15.3
Symfony Twig>=3.0.0<3.4.3
Drupal Drupal>=8.0.0<9.3.22
Drupal Drupal>=9.4.0<9.4.7
and 7 more
CVE-2022-25277
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
composer/drupal/core>=8.9.0<8.10.0>=9.0.0<9.1.0>=9.1.0<9.2.0>=9.2.0<9.3.0>=9.3.0<9.3.19>=9.4.0<9.4.3
Drupal Drupal>=8.0.0<9.3.19
Drupal Drupal>=9.4.0<9.4.3
composer/drupal/core>=9.4.0<9.4.3
composer/drupal/core>=8.0.0<9.3.19
CVE-2022-25275
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
composer/drupal/core>=7.0.0<7.91.0>=8.9.0<8.10.0>=9.0.0<9.1.0>=9.1.0<9.2.0>=9.2.0<9.3.0>=9.3.0<9.3.19>=9.4.0<9.4.3
Drupal Drupal>=7.0<7.91
Drupal Drupal>=8.0.0<9.3.19
Drupal Drupal>=9.4.0<9.4.3
composer/drupal/core>=9.4.0<9.4.3
composer/drupal/core>=8.0.0<9.3.19
and 1 more
CVE-2022-25278
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
composer/drupal/core>=8.0.0<9.3.19>=9.4.0<9.4.3
Drupal Drupal>=8.0.0<9.3.19
Drupal Drupal>=9.4.0<9.4.3
composer/drupal/core>=9.4.0<9.4.3
composer/drupal/core>=8.0.0<9.3.19
CVE-2022-31043
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds wi...
Guzzlephp Guzzle<6.5.7
Guzzlephp Guzzle>=7.0.0<7.4.4
Drupal Drupal>=9.2.0<9.2.21
Drupal Drupal>=9.3.0<9.3.16
Drupal Drupal=9.4.0-alpha1
Drupal Drupal=9.4.0-beta1
and 7 more
CVE-2022-31042
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with ...
Guzzlephp Guzzle<6.5.7
Guzzlephp Guzzle>=7.0.0<7.4.4
Drupal Drupal>=9.2.0<9.2.21
Drupal Drupal>=9.3.0<9.3.16
Drupal Drupal=9.4.0-alpha1
Drupal Drupal=9.4.0-beta1
and 7 more
CVE-2022-29248
### Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets t...
Guzzlephp Guzzle<6.5.6
Guzzlephp Guzzle>=7.0.0<7.4.3
Drupal Drupal>=9.2.0<9.2.20
Drupal Drupal>=9.3.0<9.3.14
Debian Debian Linux=11.0
composer/guzzlehttp/guzzle>=7<7.4.3>=4<6.5.6
and 9 more
CVE-2022-24775
### Impact Improper header parsing. An attacker could sneak in a carriage return character (`\r`) and pass untrusted values in both the header names and values. ### Patches The issue is patched in ...
composer/guzzlehttp/psr7>=2<2.1.1<1.8.4
Drupal Drupal>=8.0.0<9.2.16
Drupal Drupal>=9.3.0<9.3.9
Guzzlephp Psr-7<1.8.4
Guzzlephp Psr-7>=2.0.0<2.1.1
composer/guzzlehttp/psr7>=2.0.0<2.1.1
and 5 more
CVE-2022-24729
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2022-24728
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2022-25270
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not author...
Drupal Drupal>=9.2.0<9.2.13
Drupal Drupal>=9.3.0<9.3.6
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values o...
Drupal Drupal>=7.0.0<7.88
Drupal Drupal>=9.2.0<9.2.13
Drupal Drupal>=9.3.0<9.3.6
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module...
composer/drupal/core>=9.2.0<9.2.6
composer/drupal/core>=9.1.0<9.1.13
composer/drupal/core>=8.0.0<8.9.19
Drupal Drupal>=8.0.0<8.9.19
Drupal Drupal>=9.1.0<9.1.13
Drupal Drupal>=9.2.0<9.2.6
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might...
Drupal Drupal>=8.0.0<8.9.19
Drupal Drupal>=9.1.0<9.1.13
Drupal Drupal>=9.2.0<9.2.6
CVE-2020-13674
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affec...
Drupal Drupal>=8.9.0<8.9.19
Drupal Drupal>=9.1.0<9.1.13
Drupal Drupal>=9.2.0<9.2.6
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes...
composer/drupal/core>=8.0.0<8.9.19
composer/drupal/core>=9.2.0<9.2.6
composer/drupal/core>=9.1.0<9.1.13
Drupal Drupal>=8.9.0<8.9.19
Drupal Drupal>=9.1.0<9.1.13
Drupal Drupal>=9.2.0<9.2.6
SA-CORE-2022-002
Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002
Drupal Drupal<7
CVE-2021-41165
### Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. ### Impact A potential vulnerability has been discovered ...
Ckeditor Ckeditor<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Agile Product Lifecycle Management=9.3.6
Oracle Application Express<22.1
and 19 more
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The...
Ckeditor Ckeditor>=4.0<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 19 more
CVE-2021-41184
### Impact Accepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execute untrusted code. For example, invoking the following...
rubygems/jquery-ui-rails<7.0.0
nuget/jQuery.UI.Combined<1.13.0
maven/org.webjars.npm:jquery-ui<1.13.0
npm/jquery-ui<1.13.0
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
and 75 more
CVE-2021-41183
### Impact Accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```...
ubuntu/jqueryui<1.10.1+dfsg-1ubuntu0.14.04.1~
ubuntu/jqueryui<1.13.0
ubuntu/jqueryui<1.12.1+dfsg-5ubuntu0.18.04.1~
ubuntu/jqueryui<1.12.1+dfsg-5ubuntu0.20.04.1
ubuntu/jqueryui<1.10.1+dfsg-1ubuntu0.16.04.1~
rubygems/jquery-ui-rails<7.0.0
and 116 more
CVE-2021-41182
### Impact Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```js...
rubygems/jquery-ui-rails<7.0.0
maven/org.webjars.npm:jquery-ui<1.13.0
nuget/jQuery.UI.Combined<1.13.0
npm/jquery-ui<1.13.0
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
and 126 more
CVE-2020-13688
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal...
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted c...
composer/drupal/drupal>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.16>=9.0.0<9.0.14>=9.1.0<9.1.9
composer/drupal/core>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.16>=9.0.0<9.0.14>=9.1.0<9.1.9
Ckeditor Ckeditor>=4.14.0<4.16.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 15 more
CVE-2020-13672
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
composer/drupal/core>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.14>=9.0.0<9.0.12>=9.1.0<9.1.7
composer/drupal/drupal>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.14>=9.0.0<9.0.12>=9.1.0<9.1.7
Drupal Drupal<7.80
Drupal Drupal>=8.9.0<8.9.14
Drupal Drupal>=9.0.0<9.0.12
Drupal Drupal>=9.1.0<9.1.7
CVE-2020-36193
PEAR Archive_Tar Improper Link Resolution Vulnerability
composer/pear/archive_tar<1.4.12
Php Archive Tar<=1.4.11
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 11 more
CVE-2020-28948
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Php Archive Tar<1.4.11
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 8 more
CVE-2020-28949
PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
PEAR Archive_Tar
composer/pear/archive_tar<1.4.11
Php Archive Tar<1.4.12
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
and 9 more
CVE-2020-13671
Drupal core Un-restricted Upload of File
composer/drupal/core>=7.0.0<7.74>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.11>=8.9.0<8.9.9>=9.0.0<9.0.8
composer/drupal/drupal>=7.0.0<7.74>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.11>=8.9.0<8.9.9>=9.0.0<9.0.8
Drupal Drupal>=7.0<7.74
Drupal Drupal>=8.8<8.8.11
Drupal Drupal>=8.9<8.9.9
Drupal Drupal>=9.0<9.0.8
and 11 more
CVE-2020-13669
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
CVE-2020-13666
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
composer/drupal/core>=7.0.0<7.73>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
composer/drupal/drupal>=7.0.0<7.73>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
Drupal Drupal>=7.0<7.73
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8....
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
composer/drupal/drupal>=9.0.0<9.0.6
and 5 more
CVE-2020-13667
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
CVE-2020-13670
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.10>=8.9.0<8.9.6>=9.0.0<9.0.6
Drupal Drupal>=8.8.0<8.8.10
Drupal Drupal>=8.9.0<8.9.6
Drupal Drupal>=9.0.0<9.0.6
composer/drupal/drupal>=9.0.0<9.0.6
and 5 more
CVE-2020-13664
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
Drupal Drupal>=8.8.0<8.8.8
Drupal Drupal>=8.9.0<8.9.1
Drupal Drupal>=9.0.0<9.0.1
CVE-2020-13663
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
composer/drupal/core>=7.0.0<7.72>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
composer/drupal/drupal>=7.0.0<7.72>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
Drupal Drupal>=7.0<7.72
Drupal Drupal>=8.8.0<8.8.8
Drupal Drupal>=8.9.0<8.9.1
Drupal Drupal>=9.0.0<9.0.1
and 8 more
CVE-2020-13665
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
composer/drupal/core>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
composer/drupal/drupal>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1
Drupal Drupal>=8.8.0<8.8.8
Drupal Drupal>=8.9.0<8.9.1
Drupal Drupal>=9.0.0<9.0.1
CVE-2020-13662
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
composer/drupal/drupal>=7.0.0<7.70>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.7.14>=8.8.0<8.8.6
composer/drupal/core>=7.0.0<7.70>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.7.14>=8.8.0<8.8.6
debian/drupal7
Drupal Drupal>=7.0<=7.70
CVE-2020-11023
### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
CVE-2020-11022
### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patch...
rubygems/jquery-rails<4.4.0
maven/org.webjars.npm:jquery>=1.2.0<3.5.0
nuget/jquery>=1.2.0<3.5.0
npm/jquery>=1.2.0<3.5.0
redhat/qpid-dispatch<0:1.13.0-3.el6_10
redhat/qpid-dispatch<0:1.13.0-3.el7
and 164 more
CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with th...
Ckeditor Ckeditor>=4.0<4.14
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Drupal Drupal>=8.7.0<8.7.12
Drupal Drupal>=8.8.0<8.8.4
and 20 more
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Drupal=6.20
Drupal Data=6.x-1.0-alpha14
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Drupal=6.20
Drupal Data=6.x-1.0-alpha14
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual...
Drupal Drupal>=7.0<7.5
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=5.0
Fedoraproject Fedora=16
and 3 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203