
Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Windows

CVE-2010-5312, CVE-2016-7103, CVE-2021-41182, CVE-2021-41183

Severity:
CVSSv3 Score: 6.1

Vulnerability description

Drupal is prone to multiple cross-site scripting (XSS) vulnerabilities in jQuery UI.

Risk description

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, the jQuery UI project announced that it would continue development and released jQuery UI 1.13.0. It is possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release applies the fix for the above cross-site scripting issue, without making any of the other changes to the jQuery version that is included in Drupal.

Recommendation

Update to version 7.86 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Nov 24, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available