|
221
|
-
4.3
|
MEDIUM
|
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by upload…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5596
|
cpe:2.3:a:drupal:drupal:*:*
|
4.7.0 5.0
|
|
|
4.7.8 5.3
|
2026-04-23 09:35
2007-10-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
-
4.3
|
MEDIUM
|
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5597
|
cpe:2.3:a:drupal:drupal:*:*
|
4.7.0 5.0
|
|
|
4.7.8 5.3
|
2026-04-23 09:35
2007-10-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
-
6.8
|
MEDIUM
|
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers t…
|
CWE-189
Numeric Errors
|
CVE-2007-5416
|
cpe:2.3:a:drupal:drupal:*:*
|
|
5.2
|
|
|
2026-04-23 09:35
2007-10-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
-
4.3
|
MEDIUM
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileg…
|
NVD-CWE-Other
|
CVE-2007-4063
|
cpe:2.3:a:drupal:drupal:5.1_rev1.1:* cpe:2.3:a:drupal:drupal:5.1:* cpe:2.3:a:drupal:drupal:5.0:*
|
|
|
|
|
2026-04-23 09:35
2007-07-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
-
4.3
|
MEDIUM
|
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," in…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4064
|
cpe:2.3:a:drupal:drupal:5.1:* cpe:2.3:a:drupal:drupal:5.0:* cpe:2.3:a:drupal:drupal:4.7_rev1.15:* cpe:2.3:a:dr…
|
|
|
|
|
2026-04-23 09:35
2007-07-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
-
5.0
|
MEDIUM
|
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the …
|
NVD-CWE-Other
|
CVE-2007-0658
|
cpe:2.3:a:drupal:drupal:5.1:* cpe:2.3:a:drupal:drupal:5.0:* cpe:2.3:a:drupal:drupal:4.7_rev1.15:* cpe:2.3:a:dr…
|
|
|
|
|
2026-04-23 09:35
2007-02-2
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
-
6.5
|
MEDIUM
|
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input …
|
NVD-CWE-noinfo
|
CVE-2007-0626
|
cpe:2.3:a:drupal:drupal:*:*
|
5.0
|
|
4.7.0
|
4.7.6 5.1
|
2026-04-23 09:35
2007-02-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
-
4.3
|
MEDIUM
|
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) …
|
CWE-79
Cross-site Scripting
|
CVE-2007-0136
|
cpe:2.3:a:drupal:drupal:*:*
|
4.6.0 4.7.0
|
|
|
4.6.11 4.7.5
|
2026-04-23 09:35
2007-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
-
3.5
|
LOW
|
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified…
|
NVD-CWE-Other
|
CVE-2007-0124
|
cpe:2.3:a:drupal:drupal:4.7:* cpe:2.3:a:drupal:drupal:4.7.4:* cpe:2.3:a:drupal:drupal:4.7.3:* cpe:2.3:a:drupal…
|
|
|
|
|
2026-04-23 09:35
2007-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
-
6.8
|
MEDIUM
|
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted …
|
NVD-CWE-Other
|
CVE-2006-5475
|
cpe:2.3:a:drupal:drupal:4.7.3:* cpe:2.3:a:drupal:drupal:4.7.2:* cpe:2.3:a:drupal:drupal:4.7.1:* cpe:2.3:a:drup…
|
|
|
|
|
2026-04-23 09:35
2006-10-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|