VulnerableCode Package Details - pkg:alpm/archlinux/drupal@9.1.7-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-7s25-1pn3-aaaa Aliases: CVE-2021-33829 GHSA-rgx6-rjj4-c388	A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.	9.1.10-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7s25-1pn3-aaaa
Aliases:
CVE-2021-33829
GHSA-rgx6-rjj4-c388

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

9.1.10-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-prpe-f8kr-aaam	Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.	CVE-2020-13672 GHSA-3m36-mjwj-352c
VCID-unxt-vez2-aaad	Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.	CVE-2020-36193 GHSA-rpw6-9xfx-jvcx

Vulnerability

Summary

Aliases

VCID-prpe-f8kr-aaam

Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.

CVE-2020-13672
GHSA-3m36-mjwj-352c

VCID-unxt-vez2-aaad

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE-2020-36193
GHSA-rpw6-9xfx-jvcx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:35.504961+00:00	Arch Linux Importer	Affected by	VCID-7s25-1pn3-aaaa	https://security.archlinux.org/AVG-2069	36.0.0
2025-03-28T07:44:11.200095+00:00	Arch Linux Importer	Fixing	VCID-prpe-f8kr-aaam	https://security.archlinux.org/AVG-1463	36.0.0
2025-03-28T07:44:11.179603+00:00	Arch Linux Importer	Fixing	VCID-unxt-vez2-aaad	https://security.archlinux.org/AVG-1463	36.0.0
2024-09-18T02:00:33.492526+00:00	Arch Linux Importer	Affected by	VCID-7s25-1pn3-aaaa	https://security.archlinux.org/AVG-2069	34.0.1
2024-09-18T01:59:18.094698+00:00	Arch Linux Importer	Fixing	VCID-prpe-f8kr-aaam	https://security.archlinux.org/AVG-1463	34.0.1
2024-09-18T01:59:18.067265+00:00	Arch Linux Importer	Fixing	VCID-unxt-vez2-aaad	https://security.archlinux.org/AVG-1463	34.0.1
2024-01-03T22:26:49.679497+00:00	Arch Linux Importer	Affected by	VCID-7s25-1pn3-aaaa	https://security.archlinux.org/AVG-2069	34.0.0rc1
2024-01-03T22:25:35.352696+00:00	Arch Linux Importer	Fixing	VCID-prpe-f8kr-aaam	https://security.archlinux.org/AVG-1463	34.0.0rc1
2024-01-03T22:25:35.333243+00:00	Arch Linux Importer	Fixing	VCID-unxt-vez2-aaad	https://security.archlinux.org/AVG-1463	34.0.0rc1