Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 966

CVE-2006-5476

больше 18 лет назад

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

CVSS2: 7.5

EPSS: Низкий

CVE-2006-5477

больше 18 лет назад

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

CVSS2: 2.6

EPSS: Низкий

CVE-2006-5475

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

CVSS2: 6.8

EPSS: Низкий

CVE-2006-4120

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 5.1

EPSS: Низкий

CVE-2006-4002

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.

CVSS2: 4.3

EPSS: Низкий

CVE-2006-4002

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...

CVSS2: 4.3

EPSS: Низкий

CVE-2006-4002

почти 19 лет назад

CVSS2: 4.3

EPSS: Низкий

CVE-2006-3570

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3

EPSS: Низкий

CVE-2006-3570

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in the webform module in Drup ...

CVSS2: 4.3

EPSS: Низкий

CVE-2006-3570

почти 19 лет назад

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2006-5476 Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.	CVSS2: 7.5	1% Низкий	больше 18 лет назад
CVE-2006-5477 Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.	CVSS2: 2.6	1% Низкий	больше 18 лет назад
CVE-2006-5475 Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.	CVSS2: 6.8	1% Низкий	больше 18 лет назад
CVE-2006-4120 Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS2: 5.1	1% Низкий	почти 19 лет назад
CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.	CVSS2: 4.3	1% Низкий	почти 19 лет назад
CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...	CVSS2: 4.3	1% Низкий	почти 19 лет назад
CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.	CVSS2: 4.3	1% Низкий	почти 19 лет назад
CVE-2006-3570 Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS2: 4.3	0% Низкий	почти 19 лет назад
CVE-2006-3570 Cross-site scripting (XSS) vulnerability in the webform module in Drup ...	CVSS2: 4.3	0% Низкий	почти 19 лет назад
CVE-2006-3570 Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVSS2: 4.3	0% Низкий	почти 19 лет назад

Уязвимостей на страницу