WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)

Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Remediation

References

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3396)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6105)

WordPress Plugin MemberSonic Lite Security Bypass (1.2)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

WordPress Plugin Disable Image Right Click Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2020-13668 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities