CVE-2020-13688
- EPSS 0.34%
- Published 11.06.2021 15:15:07
- Last modified 21.11.2024 05:01:44
Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versio...
CVE-2021-33829
- EPSS 0.99%
- Published 09.06.2021 12:15:07
- Last modified 21.11.2024 06:09:38
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
CVE-2020-13667
- EPSS 0.14%
- Published 17.05.2021 17:15:07
- Last modified 21.11.2024 05:01:43
Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnera...
CVE-2020-13662
- EPSS 0.66%
- Published 05.05.2021 15:15:08
- Last modified 21.11.2024 05:01:42
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Core 7 version 7.70 and prior versions.
CVE-2020-13664
- EPSS 1.96%
- Published 05.05.2021 15:15:08
- Last modified 21.11.2024 05:01:43
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this dir...
CVE-2020-13665
- EPSS 0.58%
- Published 05.05.2021 15:15:08
- Last modified 21.11.2024 05:01:43
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Core 8.8.x versions prior ...
CVE-2020-13666
- EPSS 0.51%
- Published 05.05.2021 14:15:07
- Last modified 21.11.2024 05:01:43
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior ...
CVE-2020-36193
- EPSS 72.18%
- Published 18.01.2021 20:15:12
- Last modified 07.11.2025 22:03:02
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-13671
- EPSS 4.5%
- Published 20.11.2020 16:15:15
- Last modified 03.11.2025 18:06:21
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affec...
CVE-2020-28948
- EPSS 73.73%
- Published 19.11.2020 19:15:11
- Last modified 21.11.2024 05:23:21
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.