BIT-drupal-2022-25276

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-25276.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-drupal-2022-25276

Aliases

Published

2024-03-06T10:52:55.802Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

Database specific

{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://www.drupal.org/sa-core-2022-015

Affected packages

Bitnami / drupal

Package

Name: drupal
Purl: pkg:bitnami/drupal

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.3.0

Fixed

9.3.19

Introduced

9.4.0

Fixed

9.4.3