The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Drupal Core

Drupal Core: information disclosure via File Module
An attacker can bypass access restrictions to data via File Module of Drupal Core, in order to obtain sensitive information...
CERTFR-2020-AVI-577, CVE-2020-13670, DRUPAL-SA-CORE-2020-011, VIGILANCE-VUL-33351
Drupal Core: Cross Site Scripting via CKEditor Image Caption
An attacker can trigger a Cross Site Scripting via CKEditor Image Caption of Drupal Core, in order to run JavaScript code in the context of the web site...
CVE-2020-13669, DRUPAL-SA-CORE-2020-010, VIGILANCE-VUL-33350
Drupal Core: Cross Site Scripting via Forms
An attacker can trigger a Cross Site Scripting via Forms of Drupal Core, in order to run JavaScript code in the context of the web site...
CVE-2020-13668, DRUPAL-SA-CORE-2020-009, VIGILANCE-VUL-33349
Drupal Core: privilege escalation via Workspaces Module
An attacker can bypass restrictions via Workspaces Module of Drupal Core, in order to escalate his privileges...
CVE-2020-13667, DRUPAL-SA-CORE-2020-008, VIGILANCE-VUL-33348
Drupal Core: Cross Site Scripting via AJAX API JSONP
An attacker can trigger a Cross Site Scripting via AJAX API JSONP of Drupal Core, in order to run JavaScript code in the context of the web site...
CVE-2020-13666, DLA-2458-1, DRUPAL-SA-CORE-2020-007, FEDORA-2020-088196d926, FEDORA-2020-7d8f772540, VIGILANCE-VUL-33347
Drupal Core: privilege escalation via JSON-API PATCH Requests
An attacker can bypass restrictions via JSON:API PATCH Requests of Drupal Core, in order to escalate his privileges...
6240310, CERTFR-2020-AVI-381, CVE-2020-13665, DRUPAL-SA-CORE-2020-006, VIGILANCE-VUL-32570
Drupal Core: Cross Site Request Forgery via Form API
An attacker can trigger a Cross Site Request Forgery via Form API of Drupal Core, in order to force the victim to perform operations...
6240240, CERTFR-2020-AVI-381, CVE-2020-13663, DLA-2263-1, DRUPAL-SA-CORE-2020-004, DSA-4706-1, FEDORA-2020-0b32a59b54, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32568
Drupal Core 7: open redirect via drupal_goto
An attacker can deceive the user via drupal_goto() of Drupal Core 7, in order to redirect him to a malicious site...
6226330, CVE-2020-13662, DLA-2250-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-fbb94073a1, VIGILANCE-VUL-32314
jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, 6344075, 6367943, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, CERTFR-2020-AVI-797, cpujan2021, cpujul2020, cpuoct2020, CVE-2020-11022, CVE-2020-11023, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-2020-262, DSA-2020-270, DSA-4693-1, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, FEDORA-2020-fbb94073a1, K02453220, K66544153, KM03758436, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, openSUSE-SU-2020:1888-1, OSA-2020-14, RHSA-2020:3936-01, RHSA-2020:4670-01, RHSA-2020:4847-01, TNS-2020-10, VIGILANCE-VUL-32007
CKEditor: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of CKEditor, in order to run JavaScript code in the context of the web site...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CERTFR-2020-AVI-163, DRUPAL-SA-CORE-2020-001, VIGILANCE-VUL-31824
Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Core: