Логотип exploitDog
product: "drupal"
Консоль
Логотип exploitDog

exploitDog

product: "drupal"
Поиск уязвимостей по источнику БДУ ФСТЭК

БДУ ФСТЭК

Поиск уязвимостей по источнику Microsoft MSRC

Microsoft MSRC

Поиск уязвимостей по источнику NVD

NVD

Поиск уязвимостей по источнику Oracle ELSA

Oracle ELSA

Поиск уязвимостей по источнику Red Hat CVE

Red Hat CVE

Поиск уязвимостей по источнику РЕД ОС

РЕД ОС

Поиск уязвимостей по источнику Rocky RLSA

Rocky RLSA

Поиск уязвимостей по источнику SUSE CVRF

SUSE CVRF

Поиск уязвимостей по источнику Ubuntu

Ubuntu

Поиск уязвимостей по источнику Debian

Debian

Поиск уязвимостей по источнику Github

Github

Количество 1 975

Количество 1 975

redhat логотип

CVE-2010-5312

почти 15 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2010-5312

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS3: 6.1
EPSS: Низкий
debian логотип

CVE-2010-5312

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2005-1921

около 20 лет назад

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS2: 7.5
EPSS: Высокий
redhat логотип

CVE-2005-1921

около 20 лет назад

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

EPSS: Высокий
nvd логотип

CVE-2005-1921

около 20 лет назад

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS2: 7.5
EPSS: Высокий
debian логотип

CVE-2005-1921

около 20 лет назад

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XM ...

CVSS2: 7.5
EPSS: Высокий
fstec логотип

BDU:2019-01955

около 7 лет назад

Уязвимость компонента HttpFoundation фреймворка Symfony, связанная с ошибками обработки HTTP-загловков, позволяющая нарушителю оказать воздействие на целостность защищаемых данных

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2016-5385

около 9 лет назад

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 8.1
EPSS: Высокий
redhat логотип

CVE-2016-5385

около 9 лет назад

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 5
EPSS: Высокий
nvd логотип

CVE-2016-5385

около 9 лет назад

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 8.1
EPSS: Высокий
debian логотип

CVE-2016-5385

около 9 лет назад

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...

CVSS3: 8.1
EPSS: Высокий
fstec логотип

BDU:2022-02391

больше 3 лет назад

Уязвимость модуля Advanced Content Filter WYSIWYG-редактора CKEditor , позволяющая нарушителю обойти существующую политику ограничения доступа для HTML-элементов

CVSS3: 5.4
EPSS: Низкий
fstec логотип

BDU:2022-02008

больше 3 лет назад

Уязвимость модуля обработки HTML-страниц WYSIWYG-редактора CKEditor, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

CVSS3: 8.2
EPSS: Низкий
fstec логотип

BDU:2020-01708

около 6 лет назад

Уязвимость пакета PharStreamWrapper системы управления контентом TYPO3, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 7.3
EPSS: Низкий
fstec логотип

BDU:2021-05279

больше 4 лет назад

Уязвимость файла Tar.php пакета Archive_Tar библиотеки классов PHP PEAR, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных

CVSS3: 7.5
EPSS: Высокий
github логотип

GHSA-4fc4-4p5g-6w89

больше 3 лет назад

Cross-site Scripting in CKEditor4

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2022-24729

больше 3 лет назад

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

CVSS3: 6.5
EPSS: Низкий
nvd логотип

CVE-2022-24729

больше 3 лет назад

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

CVSS3: 6.5
EPSS: Низкий
debian логотип

CVE-2022-24729

больше 3 лет назад

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...

CVSS3: 6.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
redhat логотип
CVE-2010-5312

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS2: 4.3
5%
Низкий
почти 15 лет назад
nvd логотип
CVE-2010-5312

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS3: 6.1
5%
Низкий
больше 10 лет назад
debian логотип
CVE-2010-5312

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...

CVSS3: 6.1
5%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS2: 7.5
87%
Высокий
около 20 лет назад
redhat логотип
CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

87%
Высокий
около 20 лет назад
nvd логотип
CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS2: 7.5
87%
Высокий
около 20 лет назад
debian логотип
CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XM ...

CVSS2: 7.5
87%
Высокий
около 20 лет назад
fstec логотип
BDU:2019-01955

Уязвимость компонента HttpFoundation фреймворка Symfony, связанная с ошибками обработки HTTP-загловков, позволяющая нарушителю оказать воздействие на целостность защищаемых данных

CVSS3: 6.5
3%
Низкий
около 7 лет назад
ubuntu логотип
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 8.1
82%
Высокий
около 9 лет назад
redhat логотип
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 5
82%
Высокий
около 9 лет назад
nvd логотип
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS3: 8.1
82%
Высокий
около 9 лет назад
debian логотип
CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...

CVSS3: 8.1
82%
Высокий
около 9 лет назад
fstec логотип
BDU:2022-02391

Уязвимость модуля Advanced Content Filter WYSIWYG-редактора CKEditor , позволяющая нарушителю обойти существующую политику ограничения доступа для HTML-элементов

CVSS3: 5.4
0%
Низкий
больше 3 лет назад
fstec логотип
BDU:2022-02008

Уязвимость модуля обработки HTML-страниц WYSIWYG-редактора CKEditor, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

CVSS3: 8.2
0%
Низкий
больше 3 лет назад
fstec логотип
BDU:2020-01708

Уязвимость пакета PharStreamWrapper системы управления контентом TYPO3, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 7.3
1%
Низкий
около 6 лет назад
fstec логотип
BDU:2021-05279

Уязвимость файла Tar.php пакета Archive_Tar библиотеки классов PHP PEAR, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных

CVSS3: 7.5
76%
Высокий
больше 4 лет назад
github логотип
GHSA-4fc4-4p5g-6w89

Cross-site Scripting in CKEditor4

CVSS3: 5.4
1%
Низкий
больше 3 лет назад
ubuntu логотип
CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
nvd логотип
CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

CVSS3: 6.5
0%
Низкий
больше 3 лет назад
debian логотип
CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...

CVSS3: 6.5
0%
Низкий
больше 3 лет назад

Уязвимостей на страницу