CVE-2020-13673 in Drupalinfo

Summary

by MITRE • 02/11/2022

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

05/28/2020

Disclosure

02/11/2022

Moderation

accepted

Entry

VDB-182892

CPE

ready

CWE

CWE-352 (confirmed)

CVSS

3.5 (VulDB)

EPSS

0.00255

KEV

Activities

very low

Sector

Lawfirm, Agriculture, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-13673
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-13673
CVE Details	https://www.cvedetails.com/cve/CVE-2020-13673/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!