Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2011-1066
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-0899
The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user.
CVE-2011-0771
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.
CVE-2010-4521
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.
CVE-2010-4521
Cross-site scripting (XSS) vulnerability in the Views module 6.x befor ...
CVE-2010-4520
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title.
CVE-2010-4520
Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...
CVE-2010-4519
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.
CVE-2010-4519
Multiple cross-site request forgery (CSRF) vulnerabilities in the View ...
CVE-2010-3686
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2011-1066 Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 2.6 | 0% Низкий | почти 15 лет назад |
| CVE-2011-0899 The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user. | CVSS2: 5 | 0% Низкий | почти 15 лет назад |
| CVE-2011-0771 The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | CVSS2: 6.8 | 1% Низкий | около 15 лет назад |
| CVE-2010-4521 Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | CVSS2: 4.3 | 0% Низкий | около 15 лет назад |
| CVE-2010-4521 Cross-site scripting (XSS) vulnerability in the Views module 6.x befor ... | CVSS2: 4.3 | 0% Низкий | около 15 лет назад |
| CVE-2010-4520 Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. | CVSS2: 4.3 | 0% Низкий | около 15 лет назад |
| CVE-2010-4520 Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ... | CVSS2: 4.3 | 0% Низкий | около 15 лет назад |
| CVE-2010-4519 Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. | CVSS2: 6.8 | 0% Низкий | около 15 лет назад |
| CVE-2010-4519 Multiple cross-site request forgery (CSRF) vulnerabilities in the View ... | CVSS2: 6.8 | 0% Низкий | около 15 лет назад |
| CVE-2010-3686 The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | CVSS2: 5 | 1% Низкий | больше 15 лет назад |
Уязвимостей на страницу