Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
GHSA-j3wh-59pg-frxr
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
GHSA-wvh2-7875-xq75
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
GHSA-cwqc-w7f5-59qr
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
GHSA-r549-2q8f-3qqw
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
GHSA-vm8q-pgwg-rc22
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
GHSA-hp4h-hxwc-hg5v
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
GHSA-hjmg-8jw6-qj7r
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
GHSA-9xfg-6whq-qvgm
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
GHSA-2qgv-pgxc-xh7j
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
GHSA-rpw9-pxq9-mqx6
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-j3wh-59pg-frxr Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | 0% Низкий | почти 4 года назад | |
| GHSA-wvh2-7875-xq75 Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | 1% Низкий | почти 4 года назад | |
| GHSA-cwqc-w7f5-59qr Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | 0% Низкий | почти 4 года назад | |
| GHSA-r549-2q8f-3qqw Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | почти 4 года назад | |
| GHSA-vm8q-pgwg-rc22 The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename. | 1% Низкий | почти 4 года назад | |
| GHSA-hp4h-hxwc-hg5v Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | почти 4 года назад | |
| GHSA-hjmg-8jw6-qj7r Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | 0% Низкий | почти 4 года назад | |
| GHSA-9xfg-6whq-qvgm Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | 1% Низкий | почти 4 года назад | |
| GHSA-2qgv-pgxc-xh7j The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. | 1% Низкий | почти 4 года назад | |
| GHSA-rpw9-pxq9-mqx6 Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу