Package impact
Packagist / drupal/drupal
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6340 | unknown | — | 2.5 | 7y ago | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | |||
| CVE-2010-3094 | low | — | 2.1 | 16y ago | Drupal cross-site scripting vulnerability via actions feature and trigger module | |||
| CVE-2020-13671 | unknown | — | 1.5 | 6y ago | Improper sanitization in the extension file names is present in Drupal core. | |||
| CVE-2019-10909 | unknown | — | — | 7y ago | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… |