Количество 2
Количество 2
CVE-2020-13674
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
GHSA-j586-cj67-vg4p
Cross-Site Request Forgery in Drupal core
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-13674 The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability. | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-j586-cj67-vg4p Cross-Site Request Forgery in Drupal core | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу