Drupal

Drupal

266 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-6379

  • EPSS 0.25%
  • Veröffentlicht 16.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

8.1

CVE-2017-6381

  • EPSS 3.56%
  • Veröffentlicht 16.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies ...

6.5

CVE-2016-9452

  • EPSS 0.8%
  • Veröffentlicht 25.11.2016 18:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.

6.8

CVE-2016-9451

  • EPSS 0.2%
  • Veröffentlicht 25.11.2016 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

7.5

CVE-2016-9450

  • EPSS 0.28%
  • Veröffentlicht 25.11.2016 18:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

4.3

CVE-2016-9449

  • EPSS 0.37%
  • Veröffentlicht 25.11.2016 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.

4.3

CVE-2016-7572

  • EPSS 0.32%
  • Veröffentlicht 03.10.2016 18:59:18
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...

6.1

CVE-2016-7571

  • EPSS 0.51%
  • Veröffentlicht 03.10.2016 18:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.

4.3

CVE-2016-7570

  • EPSS 0.47%
  • Veröffentlicht 03.10.2016 18:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

5.3

CVE-2016-6212

  • EPSS 0.41%
  • Veröffentlicht 09.09.2016 14:05:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.