Back to search
CVE-2020-13673
Published: Feb 11, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Entity Embed | affected 8.x - < 8.x-1.2 |
Weaknesses (CWE)
References
https://www.drupal.org/sa-contrib-2021-028
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now