Description
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
Remediation
References