Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
GHSA-wmx8-5mpf-g7gj
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
GHSA-27v4-jvv2-r77h
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
GHSA-j4cx-8j85-q6qg
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
GHSA-6mc3-64r4-75hq
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
GHSA-8mf3-mg88-jjf7
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.
GHSA-3cj6-xrqf-w8rv
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
GHSA-72fr-c7pw-pqmv
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
GHSA-464x-pxv9-7m7h
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
GHSA-wp7g-r4mw-j38q
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
GHSA-jrg6-fc48-2465
Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-wmx8-5mpf-g7gj Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. | 0% Низкий | больше 3 лет назад | |
| GHSA-27v4-jvv2-r77h SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. | 1% Низкий | больше 3 лет назад | |
| GHSA-j4cx-8j85-q6qg The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions. | 0% Низкий | больше 3 лет назад | |
| GHSA-6mc3-64r4-75hq Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-8mf3-mg88-jjf7 Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-3cj6-xrqf-w8rv Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-72fr-c7pw-pqmv Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. | 0% Низкий | больше 3 лет назад | |
| GHSA-464x-pxv9-7m7h The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-wp7g-r4mw-j38q Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. | 0% Низкий | больше 3 лет назад | |
| GHSA-jrg6-fc48-2465 Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу