Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2009-3363
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
CVE-2009-3353
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVE-2009-3352
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVE-2009-3210
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3207
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVE-2009-3206
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3157
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2009-3363 Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | CVSS2: 4.3 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3354 Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | CVSS2: 10 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3353 Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | CVSS2: 10 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3352 Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | CVSS2: 10 | 1% Низкий | больше 16 лет назад |
| CVE-2009-3351 Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | CVSS2: 10 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3350 Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | CVSS2: 10 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3210 Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 3.5 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3207 The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | CVSS2: 6.8 | 1% Низкий | больше 16 лет назад |
| CVE-2009-3206 Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 3.5 | 0% Низкий | больше 16 лет назад |
| CVE-2009-3157 Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | CVSS2: 3.5 | 0% Низкий | больше 16 лет назад |
Уязвимостей на страницу