Count: 1 988
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-8q2j-8pc6-8c5r The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | | 0% Low | more than 3 years ago |
| GHSA-8mvq-8h2v-j9vf Drupal Core Cross-Site Scripting (XSS) | CVSS3: 5.4 | 0% Low | about 1 year ago |
| GHSA-8jj2-x2gc-ggm7 Drupal Core Cross-site scripting vulnerability | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-8j8f-9c88-qr6w The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. | | 1% Low | more than 3 years ago |
| GHSA-8cw5-rv98-5c46 Arbitrary PHP code execution in Drupal | CVSS3: 9.8 | 81% High | almost 4 years ago |
| GHSA-8849-cv9f-vccm Access bypass in Drupal core | | 0% Low | more than 2 years ago |
| GHSA-86rq-j7qh-jccc Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-83v7-c2cf-p9c2 Drupal core allows Forceful Browsing | | 0% Low | about 1 month ago |
| GHSA-836p-6p4j-35cg Drupal Open Redirect | CVSS3: 7.4 | 1% Low | more than 3 years ago |
| GHSA-8335-5x6w-v3pw Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. | | 0% Low | more than 3 years ago |
| GHSA-82c6-j98m-2vfw Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | | 0% Low | more than 3 years ago |
| GHSA-7q56-gvfr-6f9w modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | | 1% Low | more than 3 years ago |
| GHSA-7pvf-533w-5xpj Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." | | 1% Low | more than 3 years ago |
| GHSA-7jr4-hgqx-vwgq Access bypass in Drupal core | CVSS3: 5.4 | 0% Low | more than 2 years ago |
| GHSA-7j65-7v4p-q259 Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | | 0% Low | more than 3 years ago |
| GHSA-7fh9-933g-885p Drupal Core Remote Code Execution Vulnerability | CVSS3: 9.8 | 94% Critical | more than 3 years ago |
| GHSA-7ffh-cjvg-fpr4 Drupal Settings Tray access bypass | CVSS3: 6.5 | 0% Low | more than 3 years ago |
| GHSA-7ffg-g538-4c8c The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | | 1% Low | more than 3 years ago |
| GHSA-7ff4-pff4-jj4c Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | | 2% Low | more than 3 years ago |
| GHSA-7cwc-fjqm-8vh8 Drupal core Access bypass | | 0% Low | about 1 year ago |