146 matches found
GHSA-WWRM-8947-4M6C Drupal Open Redirect
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL...
Drupal Form API ignores access restrictions on submit buttons
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "access" set to FALSE in the server-side form definition...
GHSA-4GH5-3HQJ-X3PJ Drupal Form API ignores access restrictions on submit buttons
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "access" set to FALSE in the server-side form definition...
Drupal 9.2.x < 9.2.18 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.18 or 9.3.x prior to 9.3.12. It is, therefore, affected by multiple vulnerabilities: - Drupal core's form API has a vulnerability where certain contributed or custom modules' form...
Drupal 9.2.x < 9.2.18 / 9.3.x < 9.3.12 Multiple Vulnerabilities (drupal-2022-04-20)
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.18 or 9.3.x prior to 9.3.12. It is, therefore, affected by multiple vulnerabilities. - Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API w...
DRUPAL-CORE-2022-008
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
ROS-20220225-02
Vulnerability in the Drupal content management system, related to incorrect access restrictions in the Quick Edit module. Exploitation of the vulnerability could allow an attacker acting remotely to view content restricted by other means. A vulnerability in Drupal's content management...
Drupal 9.3.x < 9.3.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...
Drupal 9.2.x < 9.2.13 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...
Drupal 7.x < 7.88 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
Input validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25271
Removed by vendor...
CVE-2022-25271
The provided materials confirm CVE-2022-25271 affects Drupal core via the form API. The root cause is improper input validation in certain contributed or custom modules’ forms, potentially allowing an attacker to inject disallowed values or overwrite data. Affected forms are described as uncommon...
Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...