Логотип exploitDog
product: "drupal"
Консоль
Логотип exploitDog

exploitDog

product: "drupal"
Drupal

Drupalсистема управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.

Релизный цикл, информация об уязвимостях

Продукт: Drupal
Вендор: drupal

График релизов

11.210.511.310.6202520262027

Недавние уязвимости Drupal

Количество 1 988

ubuntu логотип

CVE-2021-41182

больше 4 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVSS3: 6.5
EPSS: Средний
github логотип

GHSA-j7qv-pgf6-hvh4

больше 4 лет назад

XSS in `*Text` options of the Datepicker widget in jquery-ui

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-gpqq-952q-5327

больше 4 лет назад

XSS in the `of` option of the `.position()` util in jquery-ui

CVSS3: 6.5
EPSS: Средний
github логотип

GHSA-9gj3-hwp5-pmwc

больше 4 лет назад

XSS in the `altField` option of the Datepicker widget in jquery-ui

CVSS3: 6.5
EPSS: Средний
redhat логотип

CVE-2021-41183

больше 4 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVSS3: 6.5
EPSS: Низкий
redhat логотип

CVE-2021-41182

больше 4 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVSS3: 6.5
EPSS: Средний
redhat логотип

CVE-2021-41184

больше 4 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVSS3: 6.5
EPSS: Средний
github логотип

GHSA-68jc-v27h-vhmw

больше 4 лет назад

Drupal core Unrestricted Upload of File with Dangerous Type

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-xv7v-rf6g-xwrc

больше 4 лет назад

Directory Traversal in typo3/phar-stream-wrapper

CVSS3: 9.8
EPSS: Средний
suse-cvrf логотип

openSUSE-SU-2021:1267-1

больше 4 лет назад

Security update for php7-pear

EPSS: Высокий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVSS3: 6.5
19%
Средний
больше 4 лет назад
github логотип
GHSA-j7qv-pgf6-hvh4

XSS in `*Text` options of the Datepicker widget in jquery-ui

CVSS3: 6.5
3%
Низкий
больше 4 лет назад
github логотип
GHSA-gpqq-952q-5327

XSS in the `of` option of the `.position()` util in jquery-ui

CVSS3: 6.5
22%
Средний
больше 4 лет назад
github логотип
GHSA-9gj3-hwp5-pmwc

XSS in the `altField` option of the Datepicker widget in jquery-ui

CVSS3: 6.5
19%
Средний
больше 4 лет назад
redhat логотип
CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVSS3: 6.5
3%
Низкий
больше 4 лет назад
redhat логотип
CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVSS3: 6.5
19%
Средний
больше 4 лет назад
redhat логотип
CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVSS3: 6.5
22%
Средний
больше 4 лет назад
github логотип
GHSA-68jc-v27h-vhmw

Drupal core Unrestricted Upload of File with Dangerous Type

CVSS3: 8.8
5%
Низкий
больше 4 лет назад
github логотип
GHSA-xv7v-rf6g-xwrc

Directory Traversal in typo3/phar-stream-wrapper

CVSS3: 9.8
11%
Средний
больше 4 лет назад
suse-cvrf логотип
openSUSE-SU-2021:1267-1

Security update for php7-pear

71%
Высокий
больше 4 лет назад

Уязвимостей на страницу

Поделиться