Drupal

266 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.49%
  • Published 14.01.2020 22:15:11
  • Last modified 21.11.2024 01:28:49

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

  • EPSS 0.59%
  • Published 14.01.2020 22:15:11
  • Last modified 21.11.2024 01:28:49

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

  • EPSS 0.38%
  • Published 15.11.2019 17:15:12
  • Last modified 21.11.2024 01:28:50

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory ...

  • EPSS 0.59%
  • Published 07.11.2019 19:15:12
  • Last modified 21.11.2024 01:16:44

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scri...

  • EPSS 0.37%
  • Published 07.11.2019 19:15:12
  • Last modified 21.11.2024 01:16:44

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

  • EPSS 0.73%
  • Published 07.11.2019 18:15:11
  • Last modified 21.11.2024 01:16:14

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

  • EPSS 0.55%
  • Published 06.11.2019 18:15:10
  • Last modified 21.11.2024 01:16:44

Drupal versions 5.x and 6.x have open redirection

Exploit
  • EPSS 0.21%
  • Published 24.05.2019 16:29:00
  • Last modified 21.11.2024 04:21:56

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and ...

  • EPSS 0.63%
  • Published 16.05.2019 22:29:00
  • Last modified 21.11.2024 04:20:06

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Exploit
  • EPSS 18.15%
  • Published 16.05.2019 22:29:00
  • Last modified 21.11.2024 04:20:07

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-inject...