Drupal

Drupal

266 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-1133

  • EPSS 0.39%
  • Published 04.03.2008 18:44:00
  • Last modified 09.04.2025 00:30:58

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

3.5

CVE-2008-1131

  • EPSS 0.25%
  • Published 04.03.2008 00:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

4.3

CVE-2008-0462

  • EPSS 0.3%
  • Published 25.01.2008 16:00:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-0272

  • EPSS 0.3%
  • Published 15.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

4.3

CVE-2008-0273

  • EPSS 0.46%
  • Published 15.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Dr...

2.6

CVE-2008-0274

  • EPSS 0.65%
  • Published 15.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

4.3

CVE-2008-0276

  • EPSS 0.21%
  • Published 15.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

7.5

CVE-2007-6299

  • EPSS 1.41%
  • Published 10.12.2007 18:46:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1)...

3.5

CVE-2007-5621

  • EPSS 0.18%
  • Published 22.10.2007 19:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart ...

6.8

CVE-2007-5593

  • EPSS 2.35%
  • Published 19.10.2007 23:17:00
  • Last modified 09.04.2025 00:30:58

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.