CVE-2011-2714
- EPSS 0.49%
- Published 14.01.2020 22:15:11
- Last modified 21.11.2024 01:28:49
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
CVE-2011-2715
- EPSS 0.59%
- Published 14.01.2020 22:15:11
- Last modified 21.11.2024 01:28:49
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
CVE-2011-2726
- EPSS 0.38%
- Published 15.11.2019 17:15:12
- Last modified 21.11.2024 01:28:50
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory ...
CVE-2010-2472
- EPSS 0.59%
- Published 07.11.2019 19:15:12
- Last modified 21.11.2024 01:16:44
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scri...
CVE-2010-2473
- EPSS 0.37%
- Published 07.11.2019 19:15:12
- Last modified 21.11.2024 01:16:44
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
CVE-2010-2250
- EPSS 0.73%
- Published 07.11.2019 18:15:11
- Last modified 21.11.2024 01:16:14
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
CVE-2010-2471
- EPSS 0.55%
- Published 06.11.2019 18:15:10
- Last modified 21.11.2024 01:16:44
Drupal versions 5.x and 6.x have an open redirection vulnerability.
CVE-2019-11876
- EPSS 0.21%
- Published 24.05.2019 16:29:00
- Last modified 21.11.2024 04:21:56
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and ...
CVE-2019-10909
- EPSS 0.63%
- Published 16.05.2019 22:29:00
- Last modified 21.11.2024 04:20:06
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
CVE-2019-10910
- EPSS 18.15%
- Published 16.05.2019 22:29:00
- Last modified 21.11.2024 04:20:07
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-inject...