Saturday, January 23, 01:18
Home security Critical cross-site scripting (XSS) vulnerabilities fixed in Drupal

Critical cross-site scripting (XSS) vulnerabilities fixed in Drupal

Drupal

This week, corrected at Drupal content management system (CMS) enough cross-site scripting (XSS) errors and vulnerabilities that lead to information disclosure. One of these errors has been identified as critical.

Critical vulnerability is called CVE-2020-13668, is XSS and affects versions Drupal 8 and 9. Exploiting the XSS vulnerability is only possible under certain conditions.

"An attacker could take advantage of the way HTML is executed on the affected forms in order to take advantage of the vulnerability", They say developers of Drupal. The specific error has been reported by many users.

Another XSS vulnerability, which has been rated as quite critical, affects versions Drupal 7, 8 and 9 and is related to API AJAX which does not turn off JSONP by default.

A third XSS vulnerability, of equal severity, affects only Drupal 7 and 8 and is related to “CKEditor image caption ”function which is embedded in the Drupal kernel. Some time ago, some updates were released to address XSS vulnerabilities affecting the CKEditor library.

Developers and administrators sites are also facing a relatively critical error. It affects the experimental Workspaces module, which allows users to create multiple workspaces in one website. There they can edit content before posting it on the live workspace.

XSS

"The Workspaces module does not adequately control access rights when switching workspaces. An attacker could see content before the site owner posted it for everyone to see", Explained the developers of Drupal.

As we read in securityweek, the last vulnerability that was fixed affects File module and allows the attacker to acquire access the metadata of a private file, guessing his ID.

The users Drupal should immediately install the updates to fix the vulnerabilities. They have also received instructions for additional measures security.

It is worth noting that the versions Drupal 8 before 8.8.x is no longer supported and therefore do not receive updates security.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Intel CPUs Review: Core i7-10700 vs Core i7-10700K!

Over the years, the Intel series of processors (CPUs) introduced the series of overclocking models "K" and more recently the series ...

The DeLorean can return as an electric car

The DMC DeLorean has been out of production for almost 40 years, but it looks like the iconic vehicle will return as an electric car.

Windows RDP servers are used to support DDoS

Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to reinforce the unwanted ...

SEPA: He refused to pay a ransom and thousands of files were leaked

Thousands of stolen files of the Scottish Environmental Protection Agency (SEPA) have been published by hackers, after the organization refused to pay the ransom ...

Fines at Valve, Capcom and Zenimax for geo-exclusion of games

Following a European Commission investigation, a group of video game publishers was fined € 7,8 million following allegations of geo-exclusion practices. In...

Bitcoin helps the middle class survive the pandemic

Regulators still imply that Bitcoin is just a tool for criminals, but it seems that for the middle class ...

Lightworks 2021.1 for Linux, Mac and Windows has been released

Lightworks Professional Multi-Platform Video Editing Software received the first major update to Lightworks 2021.1 for Windows, Linux and Mac.

Netflix: Watch the 9 best Anime movies of all time

One of the good things about the pandemic was that many people were introduced to the anime world. And the issue with anime is ...

CHwapi: Windows BitLocker "hit" the Belgian hospital!

The CHwapi hospital in Belgium was attacked by a cyber attack on January 17, with hackers claiming to have encrypted 40 servers and 100 ...

CPU / GPU Lotteries: Newegg sells the few on the market

Hardware shortages are not uncommon, but the pandemic has worsened the situation. The whole planet is closed to ...