Count: 1 966
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-j9pq-x44j-6p86 Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. | | 1% Low | about 3 years ago |
GHSA-j586-cj67-vg4p Cross-Site Request Forgery in Drupal core | CVSS3: 6.5 | 0% Low | more than 3 years ago |
GHSA-j47j-5wh7-4gmm Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field. | | 0% Low | about 3 years ago |
GHSA-j3j6-6mpf-p2c4 Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | | 20% Medium | about 3 years ago |
GHSA-hxg2-5c8p-ppwm Drupal has open redirect vulnerability in the Overlay module | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-hw7f-w767-vqpp The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. | | 0% Low | about 3 years ago |
GHSA-hqq6-wqq7-jgjq Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | | 0% Low | about 3 years ago |
GHSA-h7rp-276p-j58v Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | | 0% Low | about 3 years ago |
GHSA-h6w3-vjv8-9p4h Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 0% Low | about 3 years ago |
GHSA-h492-8m63-wwhj Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | | 0% Low | about 3 years ago |
GHSA-h3r9-pjmr-f938 Drupal Brute force amplification attacks via XML-RPC | CVSS3: 7.5 | 1% Low | about 3 years ago |
GHSA-h377-287m-w2r9 Drupal file REST resource does not properly validate | CVSS3: 5.9 | 0% Low | about 3 years ago |
GHSA-gxxq-fhc7-3jv9 Drupal Cross-Site Request Forgery (CSRF) | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-gx79-7p8q-959r SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." | | 1% Low | about 3 years ago |
GHSA-gvf2-2f4g-jqf4 Drupal core contains a potential PHP Object Injection vulnerability | CVSS3: 9.8 | 3% Low | 6 months ago |
GHSA-gjqg-9rhv-qj67 Drupal Core Open Redirect vulnerability | CVSS3: 6.1 | 1% Low | about 3 years ago |
GHSA-gfh7-vc32-58w3 CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | | 2% Low | about 3 years ago |
GHSA-g8mw-h5hw-6g35 Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." | | 0% Low | about 3 years ago |
GHSA-g749-r93q-q2rq The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | | 0% Low | about 3 years ago |
GHSA-g36h-4jr6-qmm9 Improper input validation in Drupal core | CVSS3: 7.5 | 0% Low | about 2 years ago |