Software Detail
Drupal Number Of NVD 249 CRITICAL 12 HIGH 57 MEDIUM 158 LOW 22
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
51 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
52 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
53 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
54 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
55 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
56 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
57 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
51 6.1 4.3 MEDIUM Network A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. CWE-79 Cross-site Scripting CVE-2011-2714 cpe:2.3:a:drupal:drupal:6.20:* 2024-11-21 10:28 2020-01-15
52 7.5 5.0 HIGH Network An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individua… CWE-863 Incorrect Authorization CVE-2011-2726 cpe:2.3:a:drupal:drupal:*:* (7.0 or higher, less than 7.5) 2024-11-21 10:28 2019-11-16
53 6.5 3.5 MEDIUM Network Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal s… CWE-20 Improper Input Validation CVE-2010-2473 cpe:2.3:a:drupal:drupal:*:* (6.0 or higher, less than 6.16; 5.0 or higher, less than 5.22) 2024-11-21 10:16 2019-11-8
54 4.8 3.5 MEDIUM Network Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which c… CWE-79 Cross-site Scripting CVE-2010-2472 cpe:2.3:a:drupal:drupal:*:* (6.0 or higher, less than 6.16; 5.0 or higher, less than 5.22) 2024-11-21 10:16 2019-11-8
55 6.1 4.3 MEDIUM Network Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. CWE-79 Cross-site Scripting CVE-2010-2250 cpe:2.3:a:drupal:drupal:*:* (6.0 or higher, less than 6.16; 5.0 or higher, less than 5.22) 2024-11-21 10:16 2019-11-8
56 6.1 5.8 MEDIUM Network Drupal versions 5.x and 6.x have open redirection CWE-601 Open Redirect CVE-2010-2471 cpe:2.3:a:drupal:drupal:*:* (6.0 or higher, less than 6.16; 5.0 or higher, less than 5.22) 2024-11-21 10:16 2019-11-7
57 6.1 4.3 MEDIUM Network In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow th… CWE-79 Cross-site Scripting CVE-2019-11876 cpe:2.3:a:drupal:drupal:8.7.0:* 2024-11-21 13:21 2019-05-25
58 7.5 6.0 HIGH Network In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with… CWE-287 Improper Authentication CVE-2019-10911 cpe:2.3:a:drupal:drupal:*:* (8.5.0 or higher, less than 8.5.15; 8.6.0 or higher, less than 8.6.15) 2024-11-21 13:20 2019-05-17
59 9.8 7.5 CRITICAL Network In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code exec… CWE-89 SQL Injection CVE-2019-10910 cpe:2.3:a:drupal:drupal:*:* (8.5.0 or higher, less than 8.5.15; 8.6.0 or higher, less than 8.6.15) 2024-11-21 13:20 2019-05-17
60 5.4 3.5 MEDIUM Network In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… CWE-79 Cross-site Scripting CVE-2019-10909 cpe:2.3:a:drupal:drupal:*:* (8.5.0 or higher, less than 8.5.15; 8.6.0 or higher, less than 8.6.15) 2024-11-21 13:20 2019-05-17