WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)

Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Remediation

References

Related Vulnerabilities

WordPress Plugin Bold Page Builder PHP Object Injection (3.1.5)

WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)

MySQL CVE-2019-2997 Vulnerability (CVE-2019-2997)

Oracle JRE CVE-2013-2454 Vulnerability (CVE-2013-2454)

Microsoft SQL Server CVE-2023-21528 Vulnerability (CVE-2023-21528)

Severity

Medium

Classification

CVE-2020-13668 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities