CVE-2020-13668
published 2022-02-11CVE-2020-13668: Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the…
PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.67%
47.3th percentile
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 8.0.0 < 8.8.10 | 8.8.10 |
| drupal | core | >= 8.8.x < 8.8.10 | 8.8.10 |
| drupal | core | >= 8.9.0 < 8.9.6 | 8.9.6 |
| drupal | core | >= 8.9.x < 8.9.6 | 8.9.6 |
| drupal | core | >= 9.0.0 < 9.0.6 | 9.0.6 |
| drupal | core | >= 9.0.x < 9.0.6 | 9.0.6 |
| drupal | drupal | >= 8.0.0 < 8.8.10 | 8.8.10 |
| drupal | drupal | >= 8.8.0 < 8.8.10 | 8.8.10 |
| drupal | drupal | >= 8.9.0 < 8.9.6 | 8.9.6 |
| drupal | drupal | >= 8.9.0 < 8.9.6 | 8.9.6 |
| drupal | drupal | >= 9.0.0 < 9.0.6 | 9.0.6 |
| drupal | drupal | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-site Scripting in Drupal Core
osv·2022-02-12
CVE-2020-13668 [MEDIUM] Cross-site Scripting in Drupal Core
Cross-site Scripting in Drupal Core
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
GHSA
Cross-site Scripting in Drupal Core
ghsa·2022-02-12
CVE-2020-13668 [MEDIUM] CWE-79 Cross-site Scripting in Drupal Core
Cross-site Scripting in Drupal Core
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
OSV
CVE-2020-13668: Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the
osv·2022-02-11·CVSS 6.1
CVE-2020-13668 [MEDIUM] CVE-2020-13668: Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-11
Published