Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112594
HistorySep 18, 2020 - 12:00 a.m.

Drupal 9.0.x < 9.0.6 Multiple Vulnerabilities

2020-09-1800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities :

  • A Cross-Site Scripting (XSS) due to Drupal AJAX API which does not disable JSONP by default (CVE-2020-13666).

  • An access bypass due to the Workspaces module which does not sufficiently check access permissions when switching workspaces (CVE-2020-13667).

  • A Cross-Site Scripting (XSS) (CVE-2020-13668).

  • A Cross-Site Scripting (XSS) in Drupal core’s built-in CKEditor image caption functionality (CVE-2020-13669).

  • An information disclosure in the File module (CVE-2020-13670).

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Related

ibm 1
nessus 8
openvas 9
fedora 4
github 4
ubuntucve 4
drupal 4
osv 15
veracode 3
cve 5
redhatcve 1
prion 5
attackerkb 1
alpinelinux 1
debiancve 1
debian 1
ibm
ibm
Security Bulletin: IBM API Connect's Developer Portal is impacted by multiple vulnerabilities in Drupal core.
2021-02-02 13:46:49
nessus
nessus
Drupal 8.9.x < 8.9.6 Multiple Vulnerabilities
2020-09-18 00:00:00
Drupal 7.x < 7.73 Multiple Vulnerabilities
2020-09-18 00:00:00
Drupal 8.8.x < 8.8.10 Multiple Vulnerabilities
2020-09-18 00:00:00
openvas
openvas
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-008, SA-CORE-2020-009, SA-CORE-2020-010, SA-CORE-2020-011) - Windows
2020-09-17 00:00:00
Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-008, SA-CORE-2020-009, SA-CORE-2020-010, SA-CORE-2020-011) - Linux
2020-09-17 00:00:00
Fedora: Security Advisory for drupal8 (FEDORA-2020-6f1079934c)
2020-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.11-1.fc32
2020-12-15 01:41:04
[SECURITY] Fedora 33 Update: drupal8-8.9.11-1.fc33
2020-12-15 01:22:18
[SECURITY] Fedora 33 Update: drupal7-7.74-1.fc33
2020-11-27 01:24:16
github
github
Drupal Core Cross-site scripting vulnerability
2022-05-24 17:49:27
Exposure of Resource to Wrong Sphere in Drupal Core
2022-02-12 00:00:47
Cross-site Scripting in Drupal Core
2022-02-12 00:00:47
ubuntucve
ubuntucve
CVE-2020-13666
2021-05-05 00:00:00
CVE-2020-13668
2022-02-11 00:00:00
CVE-2020-13669
2022-02-11 00:00:00
drupal
drupal
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
2020-09-16 00:00:00
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
2020-09-16 00:00:00
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
2020-09-16 00:00:00
osv
osv
Drupal Core Access bypass vulnerability
2022-05-24 19:02:37
BIT-drupal-2020-13667
2024-03-06 10:58:01
Exposure of Resource to Wrong Sphere in Drupal Core
2022-02-12 00:00:47
veracode
veracode
Cross-site Scripting (XSS)
2022-02-14 04:52:36
Information Disclosure
2022-02-14 05:56:13
Cross-site Scripting (XSS)
2020-09-18 07:35:22
cve
cve
CVE-2020-13669
2022-02-11 16:15:00
CVE-2020-13666
2021-05-05 14:15:00
CVE-2020-13668
2022-02-11 16:15:00
redhatcve
redhatcve
CVE-2020-13667
2022-05-21 00:24:24
prion
prion
Cross site scripting
2022-02-11 16:15:00
Information disclosure
2022-02-11 16:15:00
Security feature bypass
2022-02-11 16:15:00
attackerkb
attackerkb
CVE-2020-13668
2020-09-17 00:00:00
alpinelinux
alpinelinux
CVE-2020-13666
2021-05-05 14:15:00
debiancve
debiancve
CVE-2020-13666
2021-05-05 14:15:00
debian
debian
[SECURITY] [DLA 2458-1] drupal7 security update
2020-11-19 11:47:17
JSON
Related for WEB_APPLICATION_SCANNING_112594
ibm1nessus8openvas9fedora4github4ubuntucve4drupal4osv15veracode3cve5redhatcve1prion5attackerkb1alpinelinux1debiancve1debian1