Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006
|
System information
|
|
|
Affected software |
Drupal |
Description
|
Project: Drupal coreDate: 2021-September-15Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site Request ForgeryAffected versions: >= 8.0.0 = 9.1.0 =9.2.0 CVE IDs: CVE-2020-13673Description: The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user
More info:
https://www.drupal.org/sa-core-2021-006 |
Standar resources
|
Property |
Value |
CVE |
CVE-2020-13673. |