Description

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Remediation

References

CVE-2022-25271

Related Vulnerabilities

WordPress Plugin Simple Post Cross-Site Scripting (1.1)

Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)

WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)

WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7471)

Severity

High

Classification

CVE-2022-25271 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities