Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 978

CVE-2005-1921

больше 20 лет назад

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

EPSS: Высокий

CVE-2005-1871

больше 20 лет назад

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."

CVSS2: 7.5

EPSS: Низкий

CVE-2005-1871

больше 20 лет назад

Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...

CVSS2: 7.5

EPSS: Низкий

CVE-2005-1871

больше 20 лет назад

CVSS2: 7.5

EPSS: Низкий

CVE-2005-0682

больше 20 лет назад

Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.

CVSS2: 4.3

EPSS: Низкий

CVE-2005-0682

больше 20 лет назад

Cross-site scripting (XSS) vulnerability in common.inc in Drupal befor ...

CVSS2: 4.3

EPSS: Низкий

CVE-2005-0682

больше 20 лет назад

Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.

CVSS2: 4.3

EPSS: Низкий

CVE-2002-1806

почти 23 года назад

Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2005-1921 Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.		86% Высокий	больше 20 лет назад
CVE-2005-1871 Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."	CVSS2: 7.5	1% Низкий	больше 20 лет назад
CVE-2005-1871 Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...	CVSS2: 7.5	1% Низкий	больше 20 лет назад
CVE-2005-1871 Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."	CVSS2: 7.5	1% Низкий	больше 20 лет назад
CVE-2005-0682 Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.	CVSS2: 4.3	0% Низкий	больше 20 лет назад
CVE-2005-0682 Cross-site scripting (XSS) vulnerability in common.inc in Drupal befor ...	CVSS2: 4.3	0% Низкий	больше 20 лет назад
CVE-2005-0682 Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.	CVSS2: 4.3	0% Низкий	больше 20 лет назад
CVE-2002-1806 Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.	CVSS2: 4.3	3% Низкий	почти 23 года назад

Уязвимостей на страницу