Lucene search

K
githubGitHub Advisory DatabaseGHSA-3M36-MJWJ-352C
HistoryFeb 12, 2022 - 12:00 a.m.

Drupal core Cross-site Scripting (XSS) vulnerability

2022-02-1200:00:47
CWE-79
GitHub Advisory Database
github.com
1

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.

Affected configurations

Vulners
Node
drupaldrupalRange<9.1.7
OR
drupaldrupalRange<9.0.12
OR
drupaldrupalRange<8.9.14
OR
drupaldrupalRange<7.80
OR
drupaldrupalRange<9.1.7
OR
drupaldrupalRange<9.0.12
OR
drupaldrupalRange<8.9.14
OR
drupaldrupalRange<7.80

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%