Логотип exploitDog
product: "drupal"
Консоль
Логотип exploitDog

exploitDog

product: "drupal"
Drupal

Drupalсистема управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal
Вендор: drupal

График релизов

11.110.411.210.5202420252026

Недавние уязвимости Drupal

Количество 1 975

github логотип

GHSA-52r3-f6x8-h7v5

больше 3 лет назад

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

EPSS: Низкий
github логотип

GHSA-rfcr-9c2p-h4c8

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

EPSS: Низкий
github логотип

GHSA-p427-mqx7-2fch

больше 3 лет назад

Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2435-5x6f-gxhq

больше 3 лет назад

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

EPSS: Низкий
github логотип

GHSA-35cm-vgq9-v4xx

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.

EPSS: Низкий
github логотип

GHSA-6wqg-hrhc-g2f4

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."

EPSS: Низкий
github логотип

GHSA-h377-8345-m527

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-hgm2-x96p-g52q

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-2c95-h9c7-j48h

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-7rx8-fqcc-2mqg

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
github логотип
GHSA-52r3-f6x8-h7v5

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-rfcr-9c2p-h4c8

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-p427-mqx7-2fch

Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2435-5x6f-gxhq

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

1%
Низкий
больше 3 лет назад
github логотип
GHSA-35cm-vgq9-v4xx

Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-6wqg-hrhc-g2f4

Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles."

0%
Низкий
больше 3 лет назад
github логотип
GHSA-h377-8345-m527

Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-hgm2-x96p-g52q

Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-2c95-h9c7-j48h

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-7rx8-fqcc-2mqg

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

1%
Низкий
больше 3 лет назад

Уязвимостей на страницу


Поделиться