Description

Drupal Core is prone to multiple vulnerabilities, including cross-site request forgery and session fixation vulnerabilities. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application or to hijack an arbitrary session and gain access to sensitive information. Drupal Core versions 5.x ranging from 5.0 and up to and including 5.7 are vulnerable.

Remediation

Update to Drupal Core version 5.8 or latest

References

https://www.drupal.org/node/280571

Related Vulnerabilities

WordPress Plugin Paytium:Mollie payment forms & donations Cross-Site Scripting (3.1.1)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11456)

WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Unspecified Vulnerability (4.0.2)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.9)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-41308)

Severity

High

Classification

CVE-2008-3219 CVE-2008-3220 CVE-2008-3222 CWE-352 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update