Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 988

CVE-2013-0324

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.

CVSS2: 2.1

EPSS: Низкий

CVE-2013-0323

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-0322

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-0321

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-0320

почти 13 лет назад

Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.

CVSS2: 5.1

EPSS: Низкий

CVE-2013-0319

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-0318

почти 13 лет назад

The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.

CVSS2: 10

EPSS: Низкий

CVE-2013-0317

почти 13 лет назад

Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.

CVSS2: 4.3

EPSS: Низкий

CVE-2013-0316

почти 13 лет назад

The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.

CVSS2: 5

EPSS: Низкий

CVE-2013-0316

почти 13 лет назад

The Image module in Drupal 7.x before 7.20 allows remote attackers to ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2013-0324 Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.	CVSS2: 2.1	0% Низкий	почти 13 лет назад
CVE-2013-0323 Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2013-0322 Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2013-0321 Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2013-0320 Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.	CVSS2: 5.1	0% Низкий	почти 13 лет назад
CVE-2013-0319 Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2013-0318 The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.	CVSS2: 10	1% Низкий	почти 13 лет назад
CVE-2013-0317 Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2013-0316 The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.	CVSS2: 5	1% Низкий	почти 13 лет назад
CVE-2013-0316 The Image module in Drupal 7.x before 7.20 allows remote attackers to ...	CVSS2: 5	1% Низкий	почти 13 лет назад

Уязвимостей на страницу