Attacker Value
Very Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2020-13668

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Add Assessment

2
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Medium
Technical Analysis

This is reflected (vs. stored) XSS under certain circumstances, so I’m not sure how useful this is outside, say, phishing for creds – critical rating aside. Happy to be shown otherwise.

General Information

Vendors

  • Drupal

Products

  • Core

Additional Info

Technical Analysis