Lucene search
+L

8 matches found

nvd
nvd
added 2021/05/05 2:15 p.m.27 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1CVSS0.02925EPSS
Exploits0References1
cvelist
cvelist
added 2021/05/05 1:50 p.m.36 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1AI score0.02925EPSS
Exploits0References1
cve
cve
added 2021/05/05 1:50 p.m.188 views

CVE-2020-13666

Vulnerability: CVE-2020-13666 – Cross-site scripting in Drupal Core via JSONP in the AJAX API. Affected products (examples): Drupal Core 7.x before 7.73; 8.8.x before 8.8.10; 8.9.x before 8.9.6; 9.0.x before 9.0.6. Root cause: JSONP is not disabled by default in the Drupal AJAX API, enabling XSS ...

6.1CVSS5.9AI score0.02925EPSS
Exploits0References1Affected Software1
debiancve
debiancve
added 2021/05/05 1:50 p.m.38 views

CVE-2020-13666

Removed by vendor...

6.1CVSS6.2AI score0.02925EPSS
Exploits0
alpinelinux
alpinelinux
added 2021/05/05 1:50 p.m.53 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1CVSS6.3AI score0.02925EPSS
Exploits0
nessus
nessus
added 2020/12/15 12:0 a.m.39 views

Fedora 32 : drupal8 (2020-d50d74d6f2)

https://www.drupal.org/project/drupal/releases/8.9.11 - https://www.drupal.org/project/drupal/releases/8.9.10 - https://www.drupal.org/sa-core-2020-013 CVE-2020-28948 / CVE-2020-28949 - https://www.drupal.org/project/drupal/releases/8.9.9 - https://www.drupal.org/sa-core-2020-012 CVE-2020-13671 -...

8.8CVSS7AI score0.84554EPSS
Exploits5References16
openvas
openvas
added 2020/11/20 12:0 a.m.38 views

Debian: Security Advisory (DLA-2458-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.6AI score0.04304EPSS
Exploits0References8
debian
debian
added 2020/11/19 11:47 a.m.152 views

[SECURITY] [DLA 2458-1] drupal7 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2458-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 19, 2020 https://wiki.debian.org/LTS -...

8.8CVSS8.4AI score0.04304EPSS
Exploits0
Rows per page
Query Builder