Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 966
CVE-2007-0136
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.
CVE-2007-0124
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
CVE-2007-0124
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...
CVE-2007-0124
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
CVE-2006-5476
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
CVE-2006-5475
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
CVE-2006-5477
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
CVE-2006-5477
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ...
CVE-2006-5476
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...
CVE-2006-5475
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-0136 Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. | CVSS2: 4.3 | 1% Низкий | больше 18 лет назад |
 | CVE-2007-0124 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | CVSS2: 3.5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-0124 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ... | CVSS2: 3.5 | 1% Низкий | больше 18 лет назад |
| CVE-2007-0124 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | CVSS2: 3.5 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5476 Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5475 Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5477 Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | CVSS2: 2.6 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5477 Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ... | CVSS2: 2.6 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5476 Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ... | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад |
| CVE-2006-5475 Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ... | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад |
Уязвимостей на страницу