CVE-2020-13673
Good to know:
Date: February 11, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.
Language: PHP
Top Fix
Upgrade Version
Upgrade to version:

- drupal/core - 9.1.11
- drupal/core - 9.1.13
- drupal/core - 8.9.0-beta1
- drupal/core - 8.9.17
- drupal/core - 9.1.0-rc2
- drupal/core - 8.9.19
- drupal/core - 8.9.x-dev
- drupal/core - 9.2.x-dev
- drupal/core - 9.2.5
- drupal/drupal - 9.2.x-dev
- drupal/drupal - 8.9.19
- drupal/drupal - 9.2.6
- drupal/drupal - 9.1.13
- nrel/nrel_bootstrap - dev-d10
- justsomeguy/radiofreenetwork - dev-feature/steve/drupal-cms-1.0
- studio509/project-default - no_fix
- acquia/acquia_cms - 2020-11-17
- acquia/acquia_cms - 2020-10-11
- acquia/acquia_cms - 2020-11-05
- signalfx/signalfx-tracing - dev-flands/language
- signalfx/signalfx-tracing - dev-dd-sync-2022-06-v2
- signalfx/signalfx-tracing - dev-uint64
- signalfx/signalfx-tracing - dev-capture-req-headers
- signalfx/signalfx-tracing - dev-dependabot/npm_and_yarn/dockerfiles/testing-environment/Wordpress5/app/wp-content/themes/twentynineteen/shell-quote-1.7.4
- greg-1-anderson/drupal-core - no_fix
- drupal/core-dev-pinned - 8.8.0-beta1
- birlasoft/drupal-cms - no_fix
- drupal/core-dev - 8.8.0-beta1

CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |
CVSS v2
| Base Score: | |
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | HIGH |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | PARTIAL |
| Availability (A): | NONE |
| Additional information: | |


