Drupal is an open-source content management system. More than a million sites run on Drupal, from personal blogs to the sites of companies, political parties and government organizations.
Release cycle, vulnerability information
Release schedule
Count 1 988
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2010-3686 The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | CVSS2: 5 | 1% Low | more than 15 years ago |
| CVE-2010-3685 The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | CVSS2: 5 | 1% Low | more than 15 years ago |
| CVE-2010-3091 The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | CVSS2: 5 | 1% Low | more than 15 years ago |
| CVE-2010-3094 Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | CVSS2: 2.1 | 0% Low | more than 15 years ago |