Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 966

GHSA-cmmh-8mwp-gq5p

около 3 лет назад

Drupal Cross Site Scripting (XSS) vulnerability

CVSS3: 5.4

EPSS: Средний

GHSA-6grv-hw8g-4gfm

около 3 лет назад

PrestaShop Cross-site Scripting vulnerability

CVSS3: 6.1

EPSS: Низкий

GHSA-gg66-rc85-hvpw

около 3 лет назад

Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.

EPSS: Низкий

GHSA-57vg-4hw3-gq38

около 3 лет назад

Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий

GHSA-cggr-42mf-4mqj

около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.

EPSS: Низкий

GHSA-fpf8-6xj4-hr2q

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий

GHSA-6x6x-fpgp-99vx

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.

EPSS: Низкий

GHSA-8g9r-q8w4-x2hq

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.

EPSS: Низкий

GHSA-4gfq-rjmx-jrww

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.

EPSS: Низкий

GHSA-r246-575w-fvgc

около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-cmmh-8mwp-gq5p Drupal Cross Site Scripting (XSS) vulnerability	CVSS3: 5.4	58% Средний	около 3 лет назад
GHSA-6grv-hw8g-4gfm PrestaShop Cross-site Scripting vulnerability	CVSS3: 6.1	0% Низкий	около 3 лет назад
GHSA-gg66-rc85-hvpw Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.		0% Низкий	около 3 лет назад
GHSA-57vg-4hw3-gq38 Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.		0% Низкий	около 3 лет назад
GHSA-cggr-42mf-4mqj Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.		0% Низкий	около 3 лет назад
GHSA-fpf8-6xj4-hr2q Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.		0% Низкий	около 3 лет назад
GHSA-6x6x-fpgp-99vx Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.		0% Низкий	около 3 лет назад
GHSA-8g9r-q8w4-x2hq Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.		0% Низкий	около 3 лет назад
GHSA-4gfq-rjmx-jrww Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.		0% Низкий	около 3 лет назад
GHSA-r246-575w-fvgc Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.		0% Низкий	около 3 лет назад

Уязвимостей на страницу