Computer vulnerabilities of Drupal Core

Archive_Tar: directory traversal via Tar.php
An attacker can traverse directories via Tar.php of Archive_Tar, in order to create a file outside the service root path...
6440659, CERTFR-2021-AVI-050, CVE-2020-36193, DLA-2530-1, DLA-2621-1, DRUPAL-SA-CORE-2021-001, DSA-4894-1, FEDORA-2021-02996612f6, FEDORA-2021-dc7de65eed, USN-4723-1, VIGILANCE-VUL-34382

Drupal Core: information disclosure via File Module
An attacker can bypass access restrictions to data via File Module of Drupal Core, in order to obtain sensitive information...
6410490, CERTFR-2020-AVI-577, CVE-2020-13670, DRUPAL-SA-CORE-2020-011, VIGILANCE-VUL-33351

Drupal Core: Cross Site Scripting via CKEditor Image Caption
An attacker can trigger a Cross Site Scripting via CKEditor Image Caption of Drupal Core, in order to run JavaScript code in the context of the web site...
6410490, CVE-2020-13669, DRUPAL-SA-CORE-2020-010, VIGILANCE-VUL-33350

Drupal Core: Cross Site Scripting via Forms
An attacker can trigger a Cross Site Scripting via Forms of Drupal Core, in order to run JavaScript code in the context of the web site...
6410490, CVE-2020-13668, DRUPAL-SA-CORE-2020-009, VIGILANCE-VUL-33349

Drupal Core: privilege escalation via Workspaces Module
An attacker can bypass restrictions via Workspaces Module of Drupal Core, in order to escalate his privileges...
6410490, CVE-2020-13667, DRUPAL-SA-CORE-2020-008, VIGILANCE-VUL-33348

Drupal Core: Cross Site Scripting via AJAX API JSONP
An attacker can trigger a Cross Site Scripting via AJAX API JSONP of Drupal Core, in order to run JavaScript code in the context of the web site...
6410490, CVE-2020-13666, DLA-2458-1, DRUPAL-SA-CORE-2020-007, FEDORA-2020-088196d926, FEDORA-2020-7d8f772540, VIGILANCE-VUL-33347

Drupal Core: privilege escalation via JSON-API PATCH Requests
An attacker can bypass restrictions via JSON:API PATCH Requests of Drupal Core, in order to escalate his privileges...
6240310, CERTFR-2020-AVI-381, CVE-2020-13665, DRUPAL-SA-CORE-2020-006, VIGILANCE-VUL-32570

Drupal Core: Cross Site Request Forgery via Form API
An attacker can trigger a Cross Site Request Forgery via Form API of Drupal Core, in order to force the victim to perform operations...
6240240, CERTFR-2020-AVI-381, CVE-2020-13663, DLA-2263-1, DRUPAL-SA-CORE-2020-004, DSA-4706-1, FEDORA-2020-0b32a59b54, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32568

Drupal Core 7: open redirect via drupal_goto
An attacker can deceive the user via drupal_goto() of Drupal Core 7, in order to redirect him to a malicious site...
6226330, CVE-2020-13662, DLA-2250-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32314

jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, 6344075, 6367943, 6413705, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, CERTFR-2020-AVI-797, cpuapr2021, cpujan2021, cpujul2020, cpuoct2020, CVE-2020-11022, CVE-2020-11023, DLA-2608-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-2020-262, DSA-2020-270, DSA-4693-1, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, FEDORA-2020-fbb94073a1, JRASERVER-72052, K02453220, K66544153, KM03758436, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, openSUSE-SU-2020:1888-1, OSA-2020-14, RHSA-2020:3936-01, RHSA-2020:4670-01, RHSA-2020:4847-01, RHSA-2021:0860-01, TNS-2020-10, VIGILANCE-VUL-32007

Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Core:

https://www.drupal.org/