Home > Vulnerability Database > CVE-2020-13668

Mend.io Vulnerability Database

CVE-2020-13668

Date: February 11, 2022

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Language: PHP

Severity Score

6.1

Related Resources (9)

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml

Url: https://www.drupal.org/sa-core-2020-009

Url: https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-13668

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml

Url: https://github.com/drupal/core

Url: https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb

Url: https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8

Url: https://www.mend.io/vulnerability-database/CVE-2020-13668

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-13668

Date: February 11, 2022

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?