
We found results for “”
CVE-2020-13673
Good to know:

Date: February 11, 2022
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.
Language: PHP
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version drupal/core - 9.1.11;drupal/core - 9.1.13;drupal/core - 8.9.0-beta1;drupal/core - 8.9.17;drupal/core - 9.1.0-rc2;drupal/core - 8.9.19;drupal/core - 8.9.x-dev;drupal/core - 9.2.x-dev;drupal/core - 9.2.5;drupal/drupal - 9.2.x-dev;drupal/drupal - 8.9.19;drupal/drupal - 9.2.6;drupal/drupal - 9.1.13;nrel/nrel_bootstrap - dev-d10;justsomeguy/radiofreenetwork - dev-feature/steve/drupal-cms-1.0;studio509/project-default - no_fix;acquia/acquia_cms - 2020-11-17;acquia/acquia_cms - 2020-10-11;acquia/acquia_cms - 2020-11-05;signalfx/signalfx-tracing - dev-flands/language;signalfx/signalfx-tracing - dev-dd-sync-2022-06-v2;signalfx/signalfx-tracing - dev-uint64;signalfx/signalfx-tracing - dev-capture-req-headers;signalfx/signalfx-tracing - dev-dependabot/npm_and_yarn/dockerfiles/testing-environment/Wordpress5/app/wp-content/themes/twentynineteen/shell-quote-1.7.4;greg-1-anderson/drupal-core - no_fix;drupal/core-dev-pinned - 8.8.0-beta1;birlasoft/drupal-cms - no_fix;drupal/core-dev - 8.8.0-beta1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | HIGH |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |