Количество 1 966
Количество 1 966
GHSA-6vg8-8jg2-mmpm
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
GHSA-6rmq-x2hv-vxpp
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
GHSA-6jcc-mv8v-q34f
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.
GHSA-6hpj-9xj7-2jxx
Drupal access control bypass vulnerability
GHSA-6gwp-wc84-3h4m
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
GHSA-6g9h-6v79-w4pc
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
GHSA-6cj8-c359-p7q9
Drupal vulnerable to Cross-site Scripting
GHSA-69w7-38mj-9qxx
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
GHSA-6955-67hm-vjjq
Drupal core arbitrary PHP code execution
GHSA-68jc-v27h-vhmw
Drupal core Unrestricted Upload of File with Dangerous Type
GHSA-68h9-7525-2j7f
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
GHSA-66mv-q8r2-hj8w
Drupal access bypass vulnerability
GHSA-66gr-xrcf-8jpq
Drupal Open Redirect
GHSA-648w-fmj6-586x
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
GHSA-62cf-jvpp-48q6
Drupal Denial of Service vulnerability
GHSA-5vpr-v24w-mmjj
Drupal cross site scripting vulnerability
GHSA-5jj7-fw29-87vx
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
GHSA-5gv4-95g8-gfc6
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
GHSA-58f3-cx8p-h8jg
Drupal core access bypass vulnerability
GHSA-585j-5449-mf5m
Drupal cross-site scripting vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-6vg8-8jg2-mmpm Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | 5% Низкий | около 3 лет назад | |
| GHSA-6rmq-x2hv-vxpp Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data | CVSS3: 8 | 1% Низкий | больше 5 лет назад |
| GHSA-6jcc-mv8v-q34f Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | 1% Низкий | около 3 лет назад | |
| GHSA-6hpj-9xj7-2jxx Drupal access control bypass vulnerability | CVSS3: 7.5 | 0% Низкий | около 3 лет назад |
| GHSA-6gwp-wc84-3h4m Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | 1% Низкий | около 3 лет назад | |
| GHSA-6g9h-6v79-w4pc Drupal Users without "Administer comments" can set comment visibility on nodes they can edit | CVSS3: 4.3 | 1% Низкий | около 3 лет назад |
| GHSA-6cj8-c359-p7q9 Drupal vulnerable to Cross-site Scripting | 1% Низкий | около 3 лет назад | |
| GHSA-69w7-38mj-9qxx Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | 1% Низкий | около 3 лет назад | |
| GHSA-6955-67hm-vjjq Drupal core arbitrary PHP code execution | CVSS3: 7.2 | 0% Низкий | почти 3 года назад |
| GHSA-68jc-v27h-vhmw Drupal core Unrestricted Upload of File with Dangerous Type | CVSS3: 8.8 | 4% Низкий | больше 3 лет назад |
| GHSA-68h9-7525-2j7f install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | 2% Низкий | около 3 лет назад | |
| GHSA-66mv-q8r2-hj8w Drupal access bypass vulnerability | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-66gr-xrcf-8jpq Drupal Open Redirect | CVSS3: 6.8 | 0% Низкий | около 3 лет назад |
| GHSA-648w-fmj6-586x Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 0% Низкий | около 3 лет назад | |
| GHSA-62cf-jvpp-48q6 Drupal Denial of Service vulnerability | 0% Низкий | больше 1 года назад | |
| GHSA-5vpr-v24w-mmjj Drupal cross site scripting vulnerability | CVSS3: 6.1 | 1% Низкий | около 3 лет назад |
| GHSA-5jj7-fw29-87vx Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | 0% Низкий | около 3 лет назад | |
| GHSA-5gv4-95g8-gfc6 The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | 0% Низкий | около 3 лет назад | |
| GHSA-58f3-cx8p-h8jg Drupal core access bypass vulnerability | CVSS3: 6.5 | 1% Низкий | около 3 лет назад |
| GHSA-585j-5449-mf5m Drupal cross-site scripting vulnerability | CVSS3: 6.1 | 2% Низкий | около 3 лет назад |
Уязвимостей на страницу