CVE-2020-13673 - AskarLabs CVE Database

CVE-2020-13673

Vendor Drupal

Product Entity Embed

Weakness CWE-352 · CSRF

Published February 11, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.

Key dates

02Disclosure timeline

February 11, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-13673 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2022-47161 WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-30783 WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability CVE-2024-38731 WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-31381 WordPress Spotlight Social Feeds plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-53719 WordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability