Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
GHSA-86rq-j7qh-jccc
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
GHSA-rrhw-3394-cj5f
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
GHSA-m4rx-8rj2-qhj2
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.
GHSA-5746-cvmj-7x62
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.
GHSA-6chq-45fq-p3pv
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
GHSA-64rw-f427-xf6w
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.
GHSA-gx7f-xhxg-cvr3
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
GHSA-5vpr-v24w-mmjj
Drupal cross site scripting vulnerability
GHSA-wm86-w3cf-h6vm
Drupal external link injection vulnerability
GHSA-585j-5449-mf5m
Drupal cross-site scripting vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-86rq-j7qh-jccc Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-rrhw-3394-cj5f Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-m4rx-8rj2-qhj2 The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-5746-cvmj-7x62 Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-6chq-45fq-p3pv Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | 0% Низкий | больше 3 лет назад | |
| GHSA-64rw-f427-xf6w Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | 0% Низкий | больше 3 лет назад | |
| GHSA-gx7f-xhxg-cvr3 Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. | 0% Низкий | больше 3 лет назад | |
| GHSA-5vpr-v24w-mmjj Drupal cross site scripting vulnerability | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
| GHSA-wm86-w3cf-h6vm Drupal external link injection vulnerability | CVSS3: 4.7 | 0% Низкий | больше 3 лет назад |
| GHSA-585j-5449-mf5m Drupal cross-site scripting vulnerability | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу