Drupal 8.5.x < 8.5.8 / 8.6.x < 8.6.2 Open Redirect

The instance of Drupal running on the remote web server is affected by an open redirect vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website, thereby exposing the users to...

Drupal 8.5.x < 8.5.14 Cross-Site Scripting

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting XSS vulnerability in File module/subsystem due to improper sanitization of data in uploaded files. Note that the scanner has not tested for these issues but has instead relied only...

Drupal 8.5.x < 8.5.11 RCE (SA-CORE-2019-003)

Binary data 700419.prm...

Drupal 8.5.x < 8.5.2 Enhanced Image Plugin XSS

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor. Note that the scanner has not tested for these issues but has instead relied only on the application's...

Drupal 8.5.x < 8.5.1 RCE

Binary data 700230.prm...