Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Drupal Security Vulnerabilities - 2020

cve
cve

CVE-2011-2714

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

6.1CVSS

6AI Score

0.001EPSS

2020-01-14 10:15 PM
60
cve
cve

CVE-2011-2715

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

9.8CVSS

9.7AI Score

0.002EPSS

2020-01-14 10:15 PM
61
cve
cve

CVE-2019-6342

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

9.8CVSS

9.2AI Score

0.003EPSS

2020-05-28 09:15 PM
101
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS

6.8AI Score

0.063EPSS

2020-04-29 10:15 PM
5723
In Wild
18
cve
cve

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patch...

6.9CVSS

6.8AI Score

0.023EPSS

2020-04-29 09:15 PM
5502
In Wild
16
cve
cve

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0....

8.8CVSS

8.5AI Score

0.016EPSS

2020-11-20 04:15 PM
1145
In Wild
2
cve
cve

CVE-2020-28948

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

7.8CVSS

7.7AI Score

0.068EPSS

2020-11-19 07:15 PM
224
In Wild
30
cve
cve

CVE-2020-28949

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

7.8CVSS

7.7AI Score

0.935EPSS

2020-11-19 07:15 PM
770
In Wild
29
cve
cve

CVE-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

6.1CVSS

5.4AI Score

0.002EPSS

2020-03-07 01:15 AM
1394