Attacker Value
Very Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2020-13668

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances.

An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.

Add Assessment

2
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Medium
Technical Analysis

This is reflected (vs. stored) XSS under certain circumstances, so I’m not sure how useful this is outside, say, phishing for creds – critical rating aside. Happy to be shown otherwise.

General Information

Additional Info

Technical Analysis