Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
CVE-2006-5477
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ...
CVE-2006-5475
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...
CVE-2006-5475
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
CVE-2006-5476
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
CVE-2006-5477
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
CVE-2006-4120
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4002
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
CVE-2006-4002
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...
CVE-2006-4002
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
CVE-2006-3570
Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2006-5477 Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ... | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
| CVE-2006-5475 Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ... | CVSS2: 6.8 | 2% Низкий | около 19 лет назад |
 | CVE-2006-5475 Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | CVSS2: 6.8 | 2% Низкий | около 19 лет назад |
| CVE-2006-5476 Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | CVSS2: 7.5 | 1% Низкий | около 19 лет назад |
| CVE-2006-5477 Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | CVSS2: 2.6 | 1% Низкий | около 19 лет назад |
 | CVE-2006-4120 Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 5.1 | 2% Низкий | больше 19 лет назад |
| CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ... | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. | CVSS2: 4.3 | 1% Низкий | больше 19 лет назад |
| CVE-2006-3570 Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
Уязвимостей на страницу