Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-13668

UNKNOWN
Published 2022-02-11T15:15:14
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-13668. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Drupal

Core

Affected Versions:

8.8.x 8.9.x 9.0.x

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-site Scripting in Drupal Core

GHSA-m6q5-wv4x-fv6h

Advisory Details

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Affected Packages

Packagist drupal/core
ECOSYSTEM: ≥8.0.0 <8.8.10
Packagist drupal/core
ECOSYSTEM: ≥8.9.0 <8.9.6
Packagist drupal/core
ECOSYSTEM: ≥9.0.0 <9.0.6
Packagist drupal/drupal
ECOSYSTEM: ≥8.0.0 <8.8.10
Packagist drupal/drupal
ECOSYSTEM: ≥8.9.0 <8.9.6
Packagist drupal/drupal
ECOSYSTEM: ≥9.0.0 <9.0.6

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-13668
WEB https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8
WEB https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb
WEB https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml
PACKAGE https://github.com/drupal/core
WEB https://www.drupal.org/sa-core-2020-009

Advisory provided by GitHub Security Advisory Database. Published: February 12, 2022, Modified: February 25, 2022

References

https://www.drupal.org/sa-core-2020-009
Published: 2022-02-11T15:15:14
Last Modified: 2024-08-04T12:25:16.423Z
Copied to clipboard!