146 matches found

Prion
added 2023/04/26 2:15 p.m. · 15 views

Input validation

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

5 CVSS · 7.3 AI score · 0.0047 EPSS
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2023/04/26 2:15 p.m. · 24 views

CVE-2022-25273

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5 CVSS · 7 AI score · 0.0047 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/04/26 12:0 a.m. · 6 views

CVE-2022-25278

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

6.3 AI score · 0.00479 EPSS
Exploits 0 · References 1

CVE
added 2023/04/26 12:0 a.m. · 302 views

CVE-2022-25278

CVE-2022-25278 concerns Drupal’s form API: under certain conditions the core form element access is evaluated incorrectly, enabling a user to alter data they shouldn’t access. CNNVD notes affected versions are prior to 9.3.19 and prior to 9.4.3.

6.5 CVSS · 6.2 AI score · 0.00479 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/04/26 12:0 a.m. · 145 views

CVE-2022-25273

Summary: CVE-2022-25273 concerns Drupal core’s form API where vulnerable forms from contributed or custom modules may fail proper input validation. The underlying issue allows an attacker to inject disallowed values or overwrite data, potentially causing alteration of critical or sensitive data i...

7.5 CVSS · 7.3 AI score · 0.0047 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/04/26 12:0 a.m. · 1 views

PT-2023-12781 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal core versions prior to the fixed version
Description: The form API in Drupal core has a vulnerability that affects certain contributed or custom modules' forms, making them susceptible to improper input validation. This could allow an...

7.5 CVSS · 6.8 AI score · 0.0047 EPSS
Exploits 0 · References 12

Github Security Blog
added 2023/04/24 8:30 p.m. · 22 views

Access bypass in Drupal Core

Drupal core form API evaluates form element access incorrectly. This can lead to a user being able to alter data they should not have access to...

6.5 CVSS · 6.1 AI score · 0.00479 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/04/24 8:30 p.m. · 39 views

GHSA-CFH2-7F6H-3M85 Access bypass in Drupal Core

Drupal core form API evaluates form element access incorrectly. This can lead to a user being able to alter data they should not have access to...

6.5 CVSS · 6.3 AI score · 0.00479 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/04/24 12:0 a.m. · 3 views

PT-2023-12784 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified
Description: The Drupal core form API evaluates form element access incorrectly under certain circumstances. This may lead to a user being able to alter data they should not have access to. No forms...

6.5 CVSS · 6.2 AI score · 0.00479 EPSS
Exploits 0 · References 13

Drupal
added 2023/01/18 12:0 a.m. · 15 views

Media Library Form API Element - Moderately critical - Information Disclosure - SA-CONTRIB-2023-004

This module enables you to use the media library in custom forms without the Media Library Widget. The module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The...

6.5 AI score
Exploits 0 · References 10

Tenable Nessus
added 2022/12/22 12:0 a.m. · 57 views

Fedora 35 : drupal7 (2022-bf18450366)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-bf18450366 advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

7.5 CVSS · 7.1 AI score · 0.31104 EPSS
Exploits 6 · References 8

Tenable Nessus
added 2022/07/21 12:0 a.m. · 167 views

Drupal 7.x < 7.91 / 9.3.x < 9.3.19 / 9.4.x < 9.4.3 Multiple Vulnerabilities (drupal-2022-07-20)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19, or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities. - The Media oEmbed iframe route does not properly validate the iframe domai...

7.5 CVSS · 7.5 AI score · 0.02448 EPSS
Exploits 0 · References 15

Tenable Nessus
added 2022/07/21 12:0 a.m. · 30 views

Drupal 9.4.x < 9.4.3 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

7.5 CVSS · 7.8 AI score · 0.02448 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/07/21 12:0 a.m. · 31 views

Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

7.5 CVSS · 7.8 AI score · 0.02448 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/07/21 12:0 a.m. · 112 views

Drupal 7.x < 7.91 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

7.5 CVSS · 7.8 AI score · 0.02448 EPSS
Exploits 0 · References 6

OSV
added 2022/07/20 3:35 p.m. · 2 views

DRUPAL-CORE-2022-013

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

6.5 CVSS · 6.7 AI score · 0.00479 EPSS
Exploits 0 · References 1

Drupal
added 2022/07/20 12:0 a.m. · 34 views

Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

6.5 CVSS · 2.4 AI score · 0.00479 EPSS
Exploits 0 · References 16

OSV
added 2022/05/24 7:5 p.m. · 20 views

GHSA-M648-HPF8-QCJW Drupal Core Cross-Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities...

8.8 CVSS · 8.5 AI score · 0.00155 EPSS
Exploits 0 · References 8

Github Security Blog
added 2022/05/24 7:5 p.m. · 18 views

Drupal Core Cross-Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities...

8.8 CVSS · 7 AI score · 0.00155 EPSS
Exploits 0 · References 8 · Affected Software 2

Github Security Blog
added 2022/05/17 4:56 a.m. · 34 views

Drupal Open Redirect

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...

5.8 CVSS · 6.8 AI score · 0.00363 EPSS
Exploits 1 · References 7 · Affected Software 1