Software Detail
Drupal: Number Of NVD 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
171 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
172 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
173 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
174 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
175 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
176 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
177 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
171 -
3.5
LOW Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inje… CWE-79
Cross-site Scripting
CVE-2009-4370 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-12-22
172 -
3.5
LOW Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote a… CWE-79
Cross-site Scripting
CVE-2009-4369 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-12-22
173 -
10.0
HIGH Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2009-3352 cpe:2.3:a:drupal:drupal:*:* 5.0 7.0 2026-04-23 09:35
2009-09-25
174 -
4.3
MEDIUM Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read… CWE-255
Credentials Management
CVE-2009-2374 cpe:2.3:a:drupal:drupal:*:* 5.0
6.0


5.19
6.13
2026-04-23 09:35
2009-07-9
175 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting
CVE-2009-2373 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-07-9
176 -
6.5
MEDIUM Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote auth… CWE-94
Code Injection
CVE-2009-2372 cpe:2.3:a:drupal:drupal:*:* 6.0 6.13 2026-04-23 09:35
2009-07-9
177 -
3.5
LOW Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte se… CWE-79
Cross-site Scripting
CVE-2009-1844 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-06-1
178 -
4.3
MEDIUM Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims i… NVD-CWE-noinfo
CVE-2009-1576 cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:drupal:6.8:*
cpe:2.3:a:drupal:drupal:6.7:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-05-7
179 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted U… CWE-79
Cross-site Scripting
CVE-2009-1575 cpe:2.3:a:drupal:drupal:6:beta1
cpe:2.3:a:drupal:drupal:6:*
cpe:2.3:a:drupal:drupal:6.9:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-05-7
180 -
4.3
MEDIUM Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to c… CWE-79
Cross-site Scripting
CVE-2008-6533 cpe:2.3:a:drupal:drupal:6.6:*
cpe:2.3:a:drupal:drupal:6.5:*
cpe:2.3:a:drupal:drupal:6.4:*
cpe:2.3:a:drupal:dru…
2026-04-23 09:35
2009-03-27