Drupal is an open-source content management system. More than a million sites run on Drupal, from personal blogs to the sites of companies, political parties and government organizations.
Release cycle, vulnerability information
Release schedule
Count: 1 966

CVE-2007-4063
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.

CVE-2007-4064
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.

CVE-2007-0658
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

CVE-2007-0626
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

CVE-2007-0136
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2007-4063 Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. | CVSS2: 4.3 | 0% Low | almost 18 years ago
CVE-2007-4064 Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names. | CVSS2: 4.3 | 0% Low | almost 18 years ago
CVE-2007-0658 The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | CVSS2: 5 | 1% Low | more than 18 years ago
CVE-2007-0626 The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." | CVSS2: 6.5 | 5% Low | more than 18 years ago
CVE-2007-0136 Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. | CVSS2: 4.3 | 1% Low | more than 18 years ago