Lucene search
DrupalCVELIST:CVE-2020-13666HistoryMay 05, 2021 - 1:50 p.m.
CVE-2020-13666
2021-05-0513:50:13
drupal
www.cve.org
8
cve-2020-13666
drupal
cross-site scripting
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
CNA Affected
[
{
"product": "Drupal Core",
"vendor": "Drupal",
"versions": [
{
"lessThan": "7.73",
"status": "affected",
"version": "7.x",
"versionType": "custom"
},
{
"lessThan": "8.8.10",
"status": "affected",
"version": "8.8.x",
"versionType": "custom"
},
{
"lessThan": "8.9.6",
"status": "affected",
"version": "8.9.x",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0.x",
"versionType": "custom"
}
]
}
]References
Related
ubuntucve
ubuntucve
CVE-2020-13666
2021-05-05 00:00:00
github
github
Drupal Core Cross-site scripting vulnerability
2022-05-24 17:49:27
osv
osv
BIT-drupal-2020-13666
2024-03-06 10:58:14
CVE-2020-13666
2021-05-05 14:15:07
Drupal Core Cross-site scripting vulnerability
2022-05-24 17:49:27
alpinelinux
alpinelinux
CVE-2020-13666
2021-05-05 14:15:07
cve
cve
CVE-2020-13666
2021-05-05 14:15:07
openvas
openvas
Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2020-007) - Linux
2020-09-17 00:00:00
Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2020-007) - Windows
2020-09-17 00:00:00
Fedora: Security Advisory for drupal7 (FEDORA-2020-7d8f772540)
2020-11-27 00:00:00
nessus
nessus
Drupal 7.x < 7.73 / 8.8.x < 8.8.10 / 8.9.x < 8.9.6 / 9.0.x < 9.0.6 XSS (drupal-2020-09-16)
2020-09-24 00:00:00
Debian DLA-2458-1 : drupal7 security update
2020-11-20 00:00:00
Drupal 9.0.x < 9.0.6 Multiple Vulnerabilities
2020-09-18 00:00:00
friendsofphp
friendsofphp
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
1970-01-01 00:00:00
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
1970-01-01 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
2020-09-16 00:00:00
prion
prion
Cross site scripting
2021-05-05 14:15:00
nvd
nvd
CVE-2020-13666
2021-05-05 14:15:07
debiancve
debiancve
CVE-2020-13666
2021-05-05 14:15:00
veracode
veracode
Cross-site Scripting (XSS)
2020-09-18 07:35:22
debian
debian
[SECURITY] [DLA 2458-1] drupal7 security update
2020-11-19 11:47:17
fedora
fedora
[SECURITY] Fedora 32 Update: drupal7-7.74-1.fc32
2020-11-27 01:12:43
[SECURITY] Fedora 33 Update: drupal7-7.74-1.fc33
2020-11-27 01:24:16
[SECURITY] Fedora 32 Update: drupal8-8.9.11-1.fc32
2020-12-15 01:41:04
