drupal/core Security Advisories for 11.1.3 (5)
-
[LOW] Drupal core allows Forceful Browsing
PKSA-bn52-vyzy-rmnm CVE-2025-13080 GHSA-83v7-c2cf-p9c2
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-xj83-g6g8-41vf CVE-2025-13081 GHSA-m6vv-vcj8-w8m7
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[LOW] Drupal core allows Content Spoofing
PKSA-dh1f-zjm5-qg8y CVE-2025-13082 GHSA-h89p-5896-f4q8
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[LOW] Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels
PKSA-d8tb-wwz2-ctxk CVE-2025-13083 GHSA-mhpg-hpj5-73r2
Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9
Reported by:
GitHub -
[LOW] Drupal Core Cross-Site Scripting (XSS) Vulnerability
PKSA-42zc-x5ss-z64p CVE-2025-31675 GHSA-m4wj-hhwj-47qp
Affected version: >=11.1.0,<11.1.5|>=11.0.0,<11.0.13|>=10.4.0,<10.4.5|>=8.0.0,<10.3.14
Reported by:
GitHub