Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 988

CVE-2008-3740

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3

EPSS: Низкий

CVE-2008-3740

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the output filter in Drupa ...

CVSS2: 4.3

EPSS: Низкий

CVE-2008-3743

больше 17 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...

CVSS2: 5.8

EPSS: Низкий

CVE-2008-3745

больше 17 лет назад

The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...

CVSS2: 5.5

EPSS: Низкий

CVE-2008-3742

больше 17 лет назад

Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...

CVSS2: 6.5

EPSS: Низкий

CVE-2008-3741

больше 17 лет назад

The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...

CVSS2: 3.5

EPSS: Низкий

CVE-2008-3744

больше 17 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...

CVSS2: 5.8

EPSS: Низкий

CVE-2008-3740

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3

EPSS: Низкий

CVE-2008-3742

больше 17 лет назад

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

CVSS2: 6.5

EPSS: Низкий

CVE-2008-3741

больше 17 лет назад

The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.

CVSS2: 3.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2008-3740 Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS2: 4.3	0% Низкий	больше 17 лет назад
CVE-2008-3740 Cross-site scripting (XSS) vulnerability in the output filter in Drupa ...	CVSS2: 4.3	0% Низкий	больше 17 лет назад
CVE-2008-3743 Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...	CVSS2: 5.8	0% Низкий	больше 17 лет назад
CVE-2008-3745 The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...	CVSS2: 5.5	1% Низкий	больше 17 лет назад
CVE-2008-3742 Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...	CVSS2: 6.5	3% Низкий	больше 17 лет назад
CVE-2008-3741 The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...	CVSS2: 3.5	0% Низкий	больше 17 лет назад
CVE-2008-3744 Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...	CVSS2: 5.8	0% Низкий	больше 17 лет назад
CVE-2008-3740 Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS2: 4.3	0% Низкий	больше 17 лет назад
CVE-2008-3742 Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.	CVSS2: 6.5	3% Низкий	больше 17 лет назад
CVE-2008-3741 The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.	CVSS2: 3.5	0% Низкий	больше 17 лет назад

Уязвимостей на страницу