Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal

Вендор: drupal

График релизов

Недавние уязвимости Drupal

Количество 1 975

GHSA-xg5q-c6fr-w959

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.

EPSS: Низкий

GHSA-x6w9-pvhr-m6fp

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.

EPSS: Низкий

GHSA-pcw5-cxvf-xpqx

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.

EPSS: Низкий

GHSA-qhg6-w2fh-6xfg

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.

EPSS: Низкий

GHSA-qwh8-647p-vcqr

больше 3 лет назад

Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

EPSS: Низкий

GHSA-wf53-3973-wc7h

больше 3 лет назад

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.

EPSS: Низкий

GHSA-9g6q-jjw5-x5fw

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.

EPSS: Низкий

GHSA-hf5h-vf88-c9cq

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий

GHSA-cq3q-q7wq-586q

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.

EPSS: Низкий

GHSA-jjm3-8pvp-p9w4

больше 3 лет назад

SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	EPSS	Опубликовано 1
GHSA-xg5q-c6fr-w959 Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.	1% Низкий	больше 3 лет назад
GHSA-x6w9-pvhr-m6fp Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.	1% Низкий	больше 3 лет назад
GHSA-pcw5-cxvf-xpqx Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.	1% Низкий	больше 3 лет назад
GHSA-qhg6-w2fh-6xfg Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.	0% Низкий	больше 3 лет назад
GHSA-qwh8-647p-vcqr Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	0% Низкий	больше 3 лет назад
GHSA-wf53-3973-wc7h Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.	0% Низкий	больше 3 лет назад
GHSA-9g6q-jjw5-x5fw Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.	1% Низкий	больше 3 лет назад
GHSA-hf5h-vf88-c9cq Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	1% Низкий	больше 3 лет назад
GHSA-cq3q-q7wq-586q Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector.	0% Низкий	больше 3 лет назад
GHSA-jjm3-8pvp-p9w4 SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	1% Низкий	больше 3 лет назад

Уязвимостей на страницу