112 matches found
Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 7.x < 7.95 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal Multiple Vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 10.0.x < 10.0.5 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 9.5.x < 9.5.5 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...
Drupal 7.x < 7.95 / 9.4.x < 9.4.12 / 9.5.x < 9.5.5 / 10.x < 10.0.5 Multiple Vulnerabilities (drupal-2023-03-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5, or 10.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities. - Drupal core provides a page that outputs the markup...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...
CVE-2022-38901
A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...
PT-2022-24614 · Liferay · Liferay Digital Experience Platform
Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue exists in the file upload functionality of the Document and Media module, allowing remote attackers to inject arbitrary JS script or HTML int...
PT-2022-33677 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.65 Description: A memory leak issue was discovered in the pvr probe function of the pvrusb2 media module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kern...
GSD-2022-1003893 media: cx25821: Fix the warning when removing the module
media: cx25821: Fix the warning when removing the module This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
Drupal 9.2.x < 9.2.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.19, 9.1.x prior to 9.1.13, or 9.2.x prior to 9.2.6. It is, therefore, affected by multiple vulnerabilities. - Under some circumstances, the Drupal core JSON:API module does not...
Drupal 9.1.x < 9.1.13 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.19, 9.1.x prior to 9.1.13, or 9.2.x prior to 9.2.6. It is, therefore, affected by multiple vulnerabilities. - Under some circumstances, the Drupal core JSON:API module does not...
DRUPAL-CORE-2021-006
The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to...
Drupal 8.9.x < 8.9.19 / 9.1.x < 9.1.13 / 9.2.x < 9.2.6 Multiple Vulnerabilities (drupal-2021-09-15)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.19, 9.1.x prior to 9.1.13, or 9.2.x prior to 9.2.6. It is, therefore, affected by multiple vulnerabilities. - Under some circumstances, the Drupal core JSON:API module does not...
Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006
The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to...
October CMS Cross-Site Scripting Vulnerability (CNVD-2018-14215)
October CMS is an open source, self-hosted content management system CMS built on the Laravel PHP framework, developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. The Media module is one of the media content management modules. A cross-site...