Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal Core 9.3.x Multiple Vulnerabilities (9.3.0 - 9.3.7) - Vulnerability Database

Drupal Core 9.3.x Multiple Vulnerabilities (9.3.0 - 9.3.7)

Description

Drupal Core is prone to multiple vulnerabilities, including cross-site scripting and denial of service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, or to abuse a dialog input validator regular expression, which could cause a significant performance drop. Drupal Core versions 9.3.x ranging from 9.3.0 and up to and including 9.3.7 are vulnerable.

Remediation

Update to Drupal Core version 9.3.8 or latest

References

https://www.drupal.org/sa-core-2022-005
https://ckeditor.com/blog/ckeditor-4.18.0-browser-bugfix-and-security-patches/

Related Vulnerabilities

Apache 2.x version older than 2.0.43 Medium
Common tags: Missing Update
WordPress Plugin Sabre 'tools.php' Cross-Site Scripting (1.2.0) High
Common tags: Missing Update
WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2) High
Common tags: Missing Update
WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8) High
Common tags: Missing Update
WordPress Plugin Subscribe2 Multiple Cross-Site Scripting Vulnerabilities (8.1) High
Common tags: Missing Update

Severity

High

Classification

CVE-2022-24728
CVE-2022-24729
CWE-79
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update