Cookie Consent by Free Privacy Policy Generator website CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691) u

Portal Nachrichten

WIRKLICH FIXED: RSS feeds abonnieren!!!


➠ CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691)

A vulnerability was found in Drupal up to 8.1.9 and classified as problematic. This issue affects some unknown processing of the component HTTP Exception Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2016-7571. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component....


➦ Sicherheitslücken / Exploits ☆ vuldb.com

➠ Komplette Nachricht lesen


Zur Startseite

➤ Ähnliche Beiträge für 'CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691)'

Improper input validation in Drupal core form

vom 2250.83 Punkte
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

[SA-CORE-2021-002] Extended XSS attribute sanitize filter to prevent cross-site scripting

vom 1863.92 Punkte
Drupal core's sanitize API failed to properly filter cross-site scripting under certain circumstances. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

Access bypass - SA-CORE-2022-013

vom 1758.19 Punkte
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo

Access bypass - SA-CORE-2022-013

vom 1758.19 Punkte
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo

[SA-CORE-2020-012] Remote code execution

vom 1647.78 Punkte
Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This vulnerabi

Multiple vulnerabilities - SA-CORE-2022-016

vom 1647.78 Punkte
Official Description: Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials. Thi

Improper input validation - SA-CORE-2022-008

vom 1630.79 Punkte
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in

Information disclosure in Quick Edit module

vom 1528.87 Punkte
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. This vulnerability affects the follo

[SA-CORE-2020-004] Cross Site Request Forgery

vom 1485.54 Punkte
The Drupal core Form API didn't properly handle certain form input from cross-site requests, which could lead to other vulnerabilities. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

[SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

vom 1473.21 Punkte
Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following app

[SA-CORE-2021-007] Cross Site Request Forgery

vom 1384.38 Punkte
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the S

[SA-CORE-2021-009] Access bypass

vom 1376.75 Punkte
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. CVE-2020-13676 This vulnerability

Team Security Diskussion über CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691)