Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Published: Feb 11, 2022
Updated: Nov 16, 2025
CVE: CVE-2020-13668
GHSA: GHSA-m6q5-wv4x-fv6h
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
drupal / drupal	9.0.0	9.0.6
drupal / drupal	8.9.0	8.9.6
drupal / drupal	8.8.0	8.8.10
drupal / core	8.0.0	8.8.10
drupal / core	8.9.0	8.9.6
drupal / core	9.0.0	9.0.6

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo