← Back to home
wid-sec-w-2026-2181  ·  Published 2026-07-01  ·  View on BSI CERT-Bund ↗

Drupal Extensions: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren.

Affected Vendors

Open Source

Affected Products (14)

Open Source · Drupal Canvas <1.4.2
Open Source · Drupal Canvas 1.4.2
Open Source · Drupal Canvas <1.5.2
Open Source · Drupal Canvas 1.5.2
Open Source · Drupal Canvas <1.6.1
Open Source · Drupal Canvas 1.6.1
Open Source · Drupal Canvas <1.7.1
Open Source · Drupal Canvas 1.7.1
Open Source · Drupal FlowDrop <1.6.0
Open Source · Drupal FlowDrop 1.6.0
Open Source · Drupal Colorbox <2.1.5
Open Source · Drupal Colorbox 2.1.5
Open Source · Drupal Colorbox <2.2.1
Open Source · Drupal Colorbox 2.2.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more