Miggo Logo
Miggo Vulnerability Database
CVE-2020-13666

CVE-2020-13666: Drupal Core Cross-site scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-13666
GHSA ID
GHSA-8jj2-x2gc-ggm7
EPSS Score
0.65507%
CWE
CWE-79
Published
5/24/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
drupal/corecomposer>= 8.8.0, < 8.8.108.8.10
drupal/corecomposer>= 8.9.0, < 8.9.68.9.6
drupal/corecomposer>= 9.0.0, < 9.0.69.0.6
drupal/corecomposer>= 7.0.0, < 7.737.73
drupal/drupalcomposer>= 7.0.0, < 7.737.73
drupal/drupalcomposer>= 8.8.0, < 8.8.108.8.10
drupal/drupalcomposer>= 8.9.0, < 8.9.68.9.6
drupal/drupalcomposer>= 9.0.0, < 9.0.69.0.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* vuln*r**ility in *rup*l *or*. *rup*l *J*X *PI *o*s not *is**l* JSONP *y ****ult, *llowin* *or *n XSS *tt**k. T*is issu* *****ts: *rup*l *rup*l *or* *.x v*rsions prior to *.**; *.*.x v*rsions prior to *.*.**; *.*.x v*rsions prior

Reasoning

No *n*lysis *v*il**l*