Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 975
GHSA-c95f-chrx-p6r4
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting.
GHSA-v5qh-69hw-34f2
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title.
GHSA-m2ph-27r6-5vhw
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
GHSA-89wj-7cp8-4rm4
Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
GHSA-6wfv-35f7-4956
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
GHSA-9r9r-237v-592p
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
GHSA-hwcj-9fm4-hp57
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
GHSA-m39x-8hp2-rvf4
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
GHSA-m96w-952f-wcxp
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
GHSA-3c67-5778-ch7c
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-c95f-chrx-p6r4 Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. | 0% Низкий | больше 3 лет назад | |
| GHSA-v5qh-69hw-34f2 Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. | 0% Низкий | больше 3 лет назад | |
| GHSA-m2ph-27r6-5vhw Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-89wj-7cp8-4rm4 Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | 0% Низкий | больше 3 лет назад | |
| GHSA-6wfv-35f7-4956 Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | 0% Низкий | больше 3 лет назад | |
| GHSA-9r9r-237v-592p The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | 1% Низкий | больше 3 лет назад | |
| GHSA-hwcj-9fm4-hp57 Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. | 0% Низкий | больше 3 лет назад | |
| GHSA-m39x-8hp2-rvf4 The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | 0% Низкий | больше 3 лет назад | |
| GHSA-m96w-952f-wcxp The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | 0% Низкий | больше 3 лет назад | |
| GHSA-3c67-5778-ch7c Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу