Drupal is an open-source content management system. More than a million sites run on Drupal, from personal blogs to the sites of companies, political parties and government organizations.
Release cycle, vulnerability information
Release schedule
Count: 1 988
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2010-2250 Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output du ... | CVSS3: 6.1 | 1% Low | more than 6 years ago |
| CVE-2010-2250 Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | CVSS3: 6.1 | 1% Low | more than 6 years ago |
| CVE-2010-2471 Drupal versions 5.x and 6.x has open redirection | CVSS3: 6.1 | 1% Low | more than 6 years ago |
| CVE-2010-2471 Drupal versions 5.x and 6.x has open redirection | CVSS3: 6.1 | 1% Low | more than 6 years ago |
| CVE-2010-2471 Drupal versions 5.x and 6.x has open redirection | CVSS3: 6.1 | 1% Low | more than 6 years ago |
| GHSA-v3f6-f29f-rgvp Missing Authorization in Drupal | CVSS3: 6.5 | 1% Low | more than 6 years ago |
| CVE-2019-11876 In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. | CVSS3: 6.1 | 0% Low | more than 6 years ago |
| CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | CVSS3: 7.5 | 0% Low | more than 6 years ago |
| CVE-2019-10911 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... | CVSS3: 7.5 | 0% Low | more than 6 years ago |
| CVE-2019-10910 In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. | CVSS3: 9.8 | 13% Medium | more than 6 years ago |