Drupal

Drupal

266 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1133

  • EPSS 0.39%
  • Veröffentlicht 04.03.2008 18:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

3.5

CVE-2008-1131

  • EPSS 0.25%
  • Veröffentlicht 04.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

4.3

CVE-2008-0462

  • EPSS 0.3%
  • Veröffentlicht 25.01.2008 16:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-0272

  • EPSS 0.3%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

4.3

CVE-2008-0273

  • EPSS 0.46%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Dr...

2.6

CVE-2008-0274

  • EPSS 0.65%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

4.3

CVE-2008-0276

  • EPSS 0.21%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

7.5

CVE-2007-6299

  • EPSS 1.41%
  • Veröffentlicht 10.12.2007 18:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1)...

3.5

CVE-2007-5621

  • EPSS 0.18%
  • Veröffentlicht 22.10.2007 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart ...

6.8

CVE-2007-5593

  • EPSS 2.35%
  • Veröffentlicht 19.10.2007 23:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.