12 matches found
EUVD-2026-43065
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...
CVE-2026-13241
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...
CVE-2026-13241
Summary: CVE-2026-13241 describes a Missing Authorization vulnerability in Drupal Paragraphs (affecting Paragraphs 0.0.0 – 1.21.0) compounded by the Paragraphs Library module. The issue allows forceful browsing because access to direct child paragraphs of library items via API endpoints is not su...
CVE-2026-13240 Paragraphs - Less critical - Access bypass - SA-CONTRIB-2026-060
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...
CVE-2026-13240
CVE-2026-13240 affects Drupal Paragraphs (and Paragraphs Library) with a missing authorization flaw that enables forceful browsing. Affected versions are 0.0.0 through 1.21.0. Root cause: insufficient access checks allowing access to unpublished library items when Paragraphs Library is active (e....
CVE-2025-6677 Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Paragraphs table allows Cross-Site Scripting XSS.This issue affects Paragraphs table: from 2.0.0 before 2.0.5...
Drupal Paragraphs table 安全漏洞
Drupal Paragraphs table is a table generation tool for the Drupal community. A security vulnerability exists in Drupal Paragraphs table versions prior to 2.0.5 that stems from improper input neutralization and could lead to a cross-site scripting attack...
PT-2025-26966 · Drupal · Drupal Paragraphs
Name of the Vulnerable Software and Affected Versions: Drupal Paragraphs table versions 2.0.0 through 2.0.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, in the Drupal Paragraphs table. This allows for...
DRUPAL-CONTRIB-2025-084
Project Paragraphs table provides a field for a collection table. The module doesn't sufficiently sanitise certain data attributes allowing Cross Site Scripting XSS attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing...
The vulnerability of the Paragraphs module in the Drupal CMS system, related to deficiencies in access control, allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the Paragraphs module in the Drupal CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass security restrictions and gain unauthorized access to protected information...
CVE-2024-13272 Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2...
PT-2024-10356 · Drupal · Drupal Paragraphs Table
Name of the Vulnerable Software and Affected Versions: Drupal Paragraphs table versions 0.0.0 through 1.22.0 Drupal Paragraphs table versions 2.0.0 through 2.0.1 Description: The issue is related to insufficient granularity of access control in Drupal Paragraphs table, which allows content...