Логотип exploitDog
product: "drupal"
Консоль
Логотип exploitDog

exploitDog

product: "drupal"
Drupal

Drupalсистема управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal
Вендор: drupal

График релизов

10.311.011.110.411.210.52024202520262027

Недавние уязвимости Drupal

Количество 1 988

nvd логотип

CVE-2007-0136

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
EPSS: Низкий
debian логотип

CVE-2007-0136

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2007-0136

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-0124

почти 19 лет назад

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

CVSS2: 3.5
EPSS: Низкий
debian логотип

CVE-2007-0124

почти 19 лет назад

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2007-0124

почти 19 лет назад

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2006-5476

около 19 лет назад

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-5475

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-5477

около 19 лет назад

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

CVSS2: 2.6
EPSS: Низкий
debian логотип

CVE-2006-5475

около 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...

CVSS2: 6.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
debian логотип
CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
ubuntu логотип
CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-0124

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

CVSS2: 3.5
1%
Низкий
почти 19 лет назад
debian логотип
CVE-2007-0124

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...

CVSS2: 3.5
1%
Низкий
почти 19 лет назад
ubuntu логотип
CVE-2007-0124

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

CVSS2: 3.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2006-5476

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5475

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-5477

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

CVSS2: 2.6
1%
Низкий
около 19 лет назад
debian логотип
CVE-2006-5475

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...

CVSS2: 6.8
2%
Низкий
около 19 лет назад

Уязвимостей на страницу

Поделиться