Severity Rating: MEDIUM
Software Affected
• Drupal 7.69
• Drupal 8.7.13
• Drupal 8.8.5
Overview
Multiple vulnerabilities have been reported in Drupal that could allow a
remote attacker to conduct cross-site scripting (XSS) and open redirect
attacks against users of the targeted system.
Description
1. Cross-Site Scripting Vulnerabilities (CVE-2020-11022, CVE-2020-11023)
These vulnerabilities exist in the jQuery library bundled with Drupal core.
jQuery's DOM manipulation methods (for example .html(), .append() and
.after()) rewrote HTML strings before inserting them into the document, so
user-supplied HTML that had already passed a sanitizer could be transformed
into markup containing executable script. A remote attacker could exploit
these vulnerabilities by supplying crafted HTML that the site passes to one
of these methods, causing script to execute in the victim's web browser
within the security context of the hosting website. Successful exploitation
could allow the attacker to steal the victim's cookie-based authentication
credentials.
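The following is an added example, not code from the advisory, from Drupal or from jQuery. It reproduces the jQuery.htmlPrefilter regular expression as it appeared in jQuery 3.4.1 beside the identity version jQuery adopted in 3.5.0, and applies both to a constructed payload of the shape publicly associated with CVE-2020-11022, to show why markup a sanitizer approved could be parsed differently once jQuery rewrote it. The payload string and the sanitizer behaviour described in the comments are assumptions for the purpose of the demonstration.

```javascript
// Added example (not jQuery's or Drupal's code). The regex below is the
// rxhtmlTag expression from jQuery 3.4.1; everything else is illustrative.
const rxhtmlTag =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

// jQuery <= 3.4.1 behaviour: expand self-closing non-void tags,
// "<x/>" -> "<x></x>", before the string reaches the parser.
function legacyHtmlPrefilter(html) {
  return html.replace(rxhtmlTag, '<$1></$2>');
}

// jQuery >= 3.5.0 behaviour: leave the markup exactly as given.
function patchedHtmlPrefilter(html) {
  return html;
}

// Constructed payload (assumption for this example). To an HTML sanitizer,
// everything after "<style>" up to end-of-input is raw text inside the
// <style> element, so there is no <img> element to reject. The legacy
// prefilter turns "<style/>" into "<style></style>", which closes the real
// <style> element, and the <img> that follows becomes a live element whose
// onerror handler executes.
const PAYLOAD = '<style><style/><img src=x onerror=alert(1)>';

// Core check: does the prefilter change the markup at all? If it does,
// whatever the sanitizer approved is not what the browser will parse.
function prefilterMutates(prefilter, html) {
  return prefilter(html) !== html;
}

// Side-by-side report for a given input.
function compare(html) {
  return {
    input: html,
    legacy: legacyHtmlPrefilter(html),
    patched: patchedHtmlPrefilter(html),
    legacyMutates: prefilterMutates(legacyHtmlPrefilter, html),
    patchedMutates: prefilterMutates(patchedHtmlPrefilter, html),
  };
}

// Stand-alone usage: print the comparison for the constructed payload.
console.log(JSON.stringify(compare(PAYLOAD), null, 2));
```

Note that the void elements in the negative lookahead (`<br/>`, `<img/>`, ...) were never rewritten, which is why only non-void self-closing tags such as `<style/>` are useful in this shape of payload. The patched behaviour removes the rewriting step, but it does not make `.html()` safe for untrusted input: untrusted strings still belong in `.text()` (or must be sanitized by the same parser the browser will use), and the Drupal updates should be applied rather than relying on any client-side workaround.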
2. Open Redirect Vulnerability
This vulnerability exists in Drupal core because the drupal_goto() function
(a Drupal 7 API) insufficiently validates the destination query parameter, so
a value that is meant to name a path on the same site can instead send the
browser to an external host. A remote attacker could exploit this
vulnerability by persuading a victim to follow a specially crafted URL to the
site that carries an attacker-controlled destination query string.
Successful exploitation could allow the attacker to redirect the victim to an
attacker-controlled site and conduct phishing attacks against users of the
targeted system.
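The following is an added example, not Drupal's code and not the specific fix Drupal shipped. It shows the class of check an open-redirect fix for a "destination" parameter needs: the value must resolve to the site's own origin, and the check must reject the shapes attackers use to slip past a naive "starts with /" test (protocol-relative `//host`, backslash `/\host`, absolute URLs, non-HTTP schemes, and leading whitespace or control characters that browsers strip). The site origin, the function names and the sample inputs are assumptions for this example.

```javascript
// Added example (not Drupal's code). Assumed site origin for the demonstration.
const SITE_ORIGIN = 'https://shop.example';

// Is `dest` a path on this site that a browser would actually stay on?
// Run this on the value *after* any URL decoding the application performs,
// since a check on the encoded form can be bypassed by encoding the slashes.
function isSafeLocalDestination(dest) {
  if (typeof dest !== 'string' || dest.length === 0) return false;

  // Browsers strip leading/trailing whitespace and control characters when
  // parsing URLs, so "\t//evil.example" would become protocol-relative.
  if (/[\u0000-\u0020\u007f]/.test(dest)) return false;

  // Must be site-absolute: exactly one leading "/" and not "//" or "/\".
  // WHATWG URL parsing treats "\" like "/" for http(s), so "/\evil.example"
  // would otherwise resolve to host evil.example.
  if (!/^\/(?![\/\\])/.test(dest)) return false;

  // Resolve against the site and confirm the origin is unchanged. This is the
  // authoritative check; the regex above just rejects the common tricks early.
  let resolved;
  try {
    resolved = new URL(dest, SITE_ORIGIN);
  } catch (e) {
    return false;
  }
  return resolved.origin === SITE_ORIGIN;
}

// Redirect target to use: the requested destination if it is local,
// otherwise a fixed fallback (never the attacker-supplied value).
function resolveDestination(dest, fallback = '/') {
  return isSafeLocalDestination(dest) ? dest : fallback;
}

// Constructed inputs (assumptions) showing accepted and rejected shapes.
const SAMPLES = [
  '/user/1',
  '/node/5?x=//evil.example#frag',
  '//evil.example/',
  '/\\evil.example',
  'https://evil.example/',
  'javascript:alert(1)',
  '\t//evil.example',
  'user/1',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(resolveDestination(s)));
}
```

Note that a query string may itself contain `//evil.example` and still be safe, because it stays inside the path on the same origin; what matters is where the resolved URL's origin points, which is why the example resolves the value rather than pattern-matching on it alone.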
Solution
Apply the appropriate updates as mentioned in the following URLs:
Vendor Information
Drupal
References
Drupal
CVE Name
CVE-2020-11022
CVE-2020-11023
About CERT Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.