CVE-2020-13669
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
We have discovered 24,590 live websites that are affected by CVE-2020-13669.
Affected Software
| Product |  Drupal |
| Category | Content Management System |
| Vulnerable Domains | 24,590 live websites (9.79% of Drupal install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 21 versions ( 6.89% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Feb 11, 2022
- Updated - Aug 4, 2024
CWE
CVE References
CWE References
CVE-2020-13669 usage by Country
 United States | 9,352 websites |
 Germany | 3,632 websites |
 France | 2,046 websites |
 Belgium | 1,131 websites |
 Russia | 967 websites |
 Netherlands | 719 websites |
 GB | 577 websites |
 Italy | 447 websites |
 Switzerland | 408 websites |
 Spain | 387 websites |
CVE-2020-13669 usage by TLD
| .com | 6,461 websites |
| .org | 2,446 websites |
| .de | 2,336 websites |
| .be | 1,164 websites |
| .fr | 1,008 websites |
| .edu | 796 websites |
| .ru | 787 websites |
| .nl | 647 websites |
| .net | 542 websites |
| .it | 474 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-13669
Top websites that are affected by CVE-2020-13669. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.**.uk | United States | *** | |
| ***.org | United States | *,*** | |
| *****.com | United States | *,*** | |
| **************.ie |  Ireland | *,*** | |
| *********.****.fr | France | *,*** | |
| *******.org | United States | *,*** | |
| ****.com | United States | *,*** | |
| ***********.org | United States | *,*** | |
| *********.ca | United States | *,*** | |
| ************.com | United States | *,*** |
FAQ
CVE-2020-13669 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal
A total of 24,590 websites have been identified as vulnerable to CVE-2020-13669, discovered through global website indexing conducted by WebTechSurvey.
Drupal is susceptible to CVE-2020-13669 vulnerability.
Drupal versions before 9.0.6 are vulnerable to CVE-2020-13669.
Version 9.0.6 of Drupal addresses the CVE-2020-13669 security vulnerability.