Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2020-13663

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

VectorNETWORK

PublishedJun 11, 2021, 16:15

Published Bymlhess@drupal.org

Base Score

Score8.8

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

drupal/core(Packagist)8.9.08.9.1N/A

drupal/core(Packagist)9.0.09.0.1N/A

drupal/core(Packagist)7.0.07.72N/A

drupal/core(Packagist)8.0.08.8.8N/A

drupal/drupal(Packagist)7.0.07.72N/A

drupal/drupal(Packagist)8.0.08.8.8N/A

drupal/drupal(Packagist)8.9.08.9.1N/A

drupal/drupal(Packagist)9.0.09.0.1N/A

References

https://www.drupal.org/sa-core-2020-004

Weakness Type

CWE-352

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK