Drupal Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Drupal, a remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.
- Security Restriction Bypass
- Information Disclosure
- Cross-Site Scripting
System / Technologies affected
- Drupal 9.2
- Drupal 9.1
- Drupal 8.9
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- for Drupal 9.2, update to Drupal 9.2.6
- for Drupal 9.1, update to Drupal 9.1.13
- for Drupal 8.9, update to Drupal 8.9.19
Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.