Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
drupal / drupal 9.0.0 9.0.6
drupal / drupal 8.9.0 8.9.6
drupal / drupal 8.8.0 8.8.10
drupal / core 8.0.0 8.8.10
drupal / core 8.9.0 8.9.6
drupal / core 9.0.0 9.0.6