Description

Drupal Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to inject disallowed values into forms or overwrite data. Drupal Core versions 9.2.x ranging from 9.2.0 and up to and including 9.2.17 are vulnerable.

Remediation

Update to Drupal Core version 9.2.18 or latest

References

https://www.drupal.org/sa-core-2022-008

Related Vulnerabilities

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1135)

WordPress Plugin Mobile Device Detection by 51Degrees Cross-Site Scripting (3.1.5.2)

MediaWiki CVE-2019-12467 Vulnerability (CVE-2019-12467)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Unspecified Vulnerability (2.1.3)

WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (2.1.1)

Severity

High

Classification

CVE-2022-25273 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass