VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-13666 unknown 6y ago Drupal Core Cross-site scripting vulnerability php
CVE-2020-13665 unknown 6y ago JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the `rea… php
CVE-2020-13664 unknown 6y ago Drupal Core Arbitrary PHP code execution vulnerability php
CVE-2020-13663 unknown 6y ago Drupal Core Cross-Site Request Forgery (CSRF) vulnerability php
CVE-2019-10909 unknown 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… debianphp
CVE-2017-6923 unknown 7y ago Missing Authorization in Drupal php
CVE-2019-6342 unknown 7y ago Drupal Improper Access Control php
CVE-2019-11831 unknown 7y ago Directory Traversal in typo3/phar-stream-wrapper php
CVE-2019-6341 unknown 7y ago Drupal Cross Site Scripting (XSS) vulnerability php
CVE-2019-6339 unknown 8y ago Arbitrary PHP code execution in Drupal php
CVE-2019-6338 unknown 8y ago Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data php