Drupal is an open-source content management system. More than a million sites run on Drupal, from personal blogs to the sites of companies, political parties and government organizations.
Release cycle, vulnerability information
Release schedule
Count: 1 987
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2006-3570: Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% (Low) | more than 19 years ago |
| CVE-2006-2832: Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | CVSS2: 2.6 | 1% (Low) | more than 19 years ago |
| CVE-2006-2831: Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | CVSS2: 7.5 | 2% (Low) | more than 19 years ago |
| CVE-2006-2833: Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | CVSS2: 2.6 | 1% (Low) | more than 19 years ago |