Fedora: Security Advisory (FEDORA-2025-355d5aac01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

[SECURITY] Fedora 41 Update: drupal7-7.103-1.fc41

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

CVE-2025-12760

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6...

Cross-site Scripting (XSS)

Overview jquery-multifile is a jQuery Multiple File Selection Plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file name processing. An attacker can execute arbitrary scripts in the context of a victim's browser by providing a file with a specially craft...

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

CVE-2025-12848

The CVE-2025-12848 issue affects Drupal 7.x Webform Multiple File Upload module, where the XSS vulnerability resides in the file name renderer. An unauthenticated attacker can upload a file with a malicious filename (for example containing JavaScript) to a Webform node with a Multifile field wher...

EUVD-2025-199686

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

PT-2025-48120

Name of the Vulnerable Software and Affected Versions Drupal Webform Multiple File Upload module versions 7.x affected versions not specified Description The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS issue in the file name renderer. An unauthenticated...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from a cross-site scripting vulnerability in the filename renderer that could lead to the execution of arbitrary script...

BIT-DRUPAL-2025-13083 Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...

BIT-DRUPAL-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

BIT-DRUPAL-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

BIT-DRUPAL-2025-13080 Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

CVE-2025-13080

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. Mitigation Mitigation for this issue is eith...