➠ CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691)
A vulnerability was found in Drupal up to 8.1.9 and classified as problematic. This issue affects some unknown processing of the component HTTP Exception Handler. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2016-7571. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component....
vom 2250.83 Punkte Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in
vom 1863.92 Punkte Drupal core's sanitize API failed to properly filter cross-site scripting under certain circumstances.
This vulnerability affects the following application versions:
Drupal 7.0
Drupal 7.1
vom 1758.19 Punkte Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo
vom 1758.19 Punkte Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo
vom 1647.78 Punkte Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.
This vulnerabi
vom 1647.78 Punkte Official Description: Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials.
Thi
vom 1630.79 Punkte Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in
vom 1528.87 Punkte The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.
This vulnerability affects the follo
vom 1485.54 Punkte The Drupal core Form API didn't properly handle certain form input from cross-site requests, which could lead to other vulnerabilities.
This vulnerability affects the following application versions:
Drupal 7.0
Drupal 7.1
vom 1473.21 Punkte
Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability.
Part of security release SA-CORE-2019-004
This vulnerability affects the following app
vom 1384.38 Punkte The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
Sites are only affected if the QuickEdit module (which comes with the S
vom 1376.75 Punkte The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.
Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
CVE-2020-13676
This vulnerability
Team Security Diskussion über CVE-2016-7571 | Drupal up to 8.1.9 HTTP Exception cross site scripting (Nessus ID 94051 / ID 11691)
