File Entity

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-13276 HIGH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.X-* before 7.X-2.39. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure File Entity Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13237 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).X-* before 7.X-2.38. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Entity Drupal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-13276
EPSS 0% CVSS 7.5
HIGH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.X-* before 7.X-2.39. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure File Entity Drupal
NVD
CVE-2024-13237
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).X-* before 7.X-2.38. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Entity Drupal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy