Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2014-1476
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal ...
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal ...
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-1476 The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. | CVSS2: 4 | 0% Низкий | около 12 лет назад |
 | CVE-2013-0244 Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. | CVSS2: 2.6 | 0% Низкий | около 12 лет назад |
| CVE-2013-0244 Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ... | CVSS2: 2.6 | 0% Низкий | около 12 лет назад |
| CVE-2013-0244 Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. | CVSS2: 2.6 | 0% Низкий | около 12 лет назад |
| CVE-2013-6388 Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | CVSS2: 4.3 | 0% Низкий | около 12 лет назад |
| CVE-2013-6388 Cross-site scripting (XSS) vulnerability in the Color module in Drupal ... | CVSS2: 4.3 | 0% Низкий | около 12 лет назад |
| CVE-2013-6387 Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | CVSS2: 2.1 | 0% Низкий | около 12 лет назад |
| CVE-2013-6387 Cross-site scripting (XSS) vulnerability in the Image module in Drupal ... | CVSS2: 2.1 | 0% Низкий | около 12 лет назад |
| CVE-2013-6388 Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | CVSS2: 4.3 | 0% Низкий | около 12 лет назад |
| CVE-2013-6387 Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | CVSS2: 2.1 | 0% Низкий | около 12 лет назад |
Уязвимостей на страницу