Drupal : Security Vulnerabilities Published In 2020 (Cross Site Scripting (XSS))
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2020-11023 |
79 |
|
Exec Code XSS |
2020-04-29 |
2022-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
2 |
CVE-2020-11022 |
79 |
|
Exec Code XSS |
2020-04-29 |
2022-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
3 |
CVE-2020-9281 |
79 |
|
XSS |
2020-03-07 |
2022-02-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). |
4 |
CVE-2011-2714 |
79 |
|
XSS |
2020-01-14 |
2020-01-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. |
Total number of vulnerabilities :
4
Page :
1
(This Page)