|
51
|
9.8
6.8
|
CRITICAL
Network
|
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release oth…
|
NVD-CWE-noinfo
|
CVE-2019-6342
|
cpe:2.3:a:drupal:drupal:8.7.4:*
|
|
|
|
|
2024-11-21 13:46
2020-05-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
6.1
4.3
|
MEDIUM
Network
|
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11022
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.7.0 8.8.0
|
|
|
7.70 8.7.14 8.8.6
|
2026-04-14 00:16
2020-04-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
6.1
4.3
|
MEDIUM
Network
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation m…
|
-
|
CVE-2020-11023
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.7.0 8.8.0
|
|
|
7.70 8.7.14 8.8.6
|
2024-11-21 13:56
2020-04-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
6.1
4.3
|
MEDIUM
Network
|
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with t…
|
CWE-79
Cross-site Scripting
|
CVE-2020-9281
|
cpe:2.3:a:drupal:drupal:*:*
|
8.8.0 8.7.0
|
|
|
8.8.4 8.7.12
|
2024-11-21 14:40
2020-03-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
9.8
7.5
|
CRITICAL
Network
|
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
|
CWE-89
SQL Injection
|
CVE-2011-2715
|
cpe:2.3:a:drupal:drupal:6.20:*
|
|
|
|
|
2024-11-21 10:28
2020-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
6.1
4.3
|
MEDIUM
Network
|
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
|
CWE-79
Cross-site Scripting
|
CVE-2011-2714
|
cpe:2.3:a:drupal:drupal:6.20:*
|
|
|
|
|
2024-11-21 10:28
2020-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
7.5
5.0
|
HIGH
Network
|
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individua…
|
CWE-863
Incorrect Authorization
|
CVE-2011-2726
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0
|
|
|
7.5
|
2024-11-21 10:28
2019-11-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
6.5
3.5
|
MEDIUM
Network
|
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal s…
|
CWE-20
Improper Input Validation
|
CVE-2010-2473
|
cpe:2.3:a:drupal:drupal:*:*
|
6.0 5.0
|
|
|
6.16 5.22
|
2024-11-21 10:16
2019-11-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
4.8
3.5
|
MEDIUM
Network
|
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which c…
|
CWE-79
Cross-site Scripting
|
CVE-2010-2472
|
cpe:2.3:a:drupal:drupal:*:*
|
6.0 5.0
|
|
|
6.16 5.22
|
2024-11-21 10:16
2019-11-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
6.1
4.3
|
MEDIUM
Network
|
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
|
CWE-79
Cross-site Scripting
|
CVE-2010-2250
|
cpe:2.3:a:drupal:drupal:*:*
|
6.0 5.0
|
|
|
6.16 5.22
|
2024-11-21 10:16
2019-11-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|