Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2008-0273
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
CVE-2008-0274
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...
CVE-2008-0273
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ...
CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator modu ...
CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
CVE-2008-0274
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
CVE-2008-0273
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
CVE-2007-6299
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
CVE-2007-6299
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-0273 Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
| CVE-2008-0272 Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
| CVE-2008-0274 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ... | CVSS2: 2.6 | 1% Низкий | почти 18 лет назад |
| CVE-2008-0273 Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ... | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
| CVE-2008-0272 Cross-site request forgery (CSRF) vulnerability in the aggregator modu ... | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
 | CVE-2008-0272 Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
| CVE-2008-0274 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | CVSS2: 2.6 | 1% Низкий | почти 18 лет назад |
| CVE-2008-0273 Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | CVSS2: 4.3 | 0% Низкий | почти 18 лет назад |
| CVE-2007-6299 Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
| CVE-2007-6299 Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ... | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
Уязвимостей на страницу