|
61
|
6.1
5.8
|
MEDIUM
Network
|
Drupal versions 5.x and 6.x has open redirection
|
CWE-601
Open Redirect
|
CVE-2010-2471
|
cpe:2.3:a:drupal:drupal:*:*
|
6.0 5.0
|
|
|
6.16 5.22
|
2024-11-21 10:16
2019-11-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
6.1
4.3
|
MEDIUM
Network
|
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow th…
|
CWE-79
Cross-site Scripting
|
CVE-2019-11876
|
cpe:2.3:a:drupal:drupal:8.7.0:*
|
|
|
|
|
2024-11-21 13:21
2019-05-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
7.5
6.0
|
HIGH
Network
|
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with…
|
CWE-287
Improper Authentication
|
CVE-2019-10911
|
cpe:2.3:a:drupal:drupal:*:*
|
8.5.0 8.6.0
|
|
|
8.5.15 8.6.15
|
2024-11-21 13:20
2019-05-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
9.8
7.5
|
CRITICAL
Network
|
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code exec…
|
CWE-89
SQL Injection
|
CVE-2019-10910
|
cpe:2.3:a:drupal:drupal:*:*
|
8.5.0 8.6.0
|
|
|
8.5.15 8.6.15
|
2024-11-21 13:20
2019-05-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
5.4
3.5
|
MEDIUM
Network
|
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2019-10909
|
cpe:2.3:a:drupal:drupal:*:*
|
8.5.0 8.6.0
|
|
|
8.5.15 8.6.15
|
2024-11-21 13:20
2019-05-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
9.8
7.5
|
CRITICAL
Network
|
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protec…
|
CWE-22 CWE-502
Path Traversal Deserialization of Untrusted Data
|
CVE-2019-11831
|
cpe:2.3:a:drupal:drupal:*:*
|
8.7.0 8.6.0 7.0
|
|
|
8.7.1 8.6.16 7.67
|
2024-11-21 13:21
2019-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
6.1
4.3
|
MEDIUM
Network
|
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an e…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2019-11358
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.5.0 8.6.0
|
|
|
7.66 8.5.15 8.6.15
|
2024-11-21 13:20
2019-04-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
5.4
3.5
|
MEDIUM
Network
|
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a …
|
CWE-79
Cross-site Scripting
|
CVE-2019-6341
|
cpe:2.3:a:drupal:drupal:*:*
|
7.0 8.5.0 8.6.0
|
|
|
7.65 8.5.14 8.6.13
|
2024-11-21 13:46
2019-03-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
8.1
6.8
|
HIGH
Network
|
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6340
|
cpe:2.3:a:drupal:drupal:*:*
|
8.6.0 8.5.0
|
|
|
8.6.10 8.5.11
|
2024-11-21 13:46
2019-02-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
6.5
4.0
|
MEDIUM
Network
|
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpo…
|
CWE-862
Missing Authorization
|
CVE-2017-6923
|
cpe:2.3:a:drupal:drupal:*:*
|
8.0.0
|
8.3.7
|
|
|
2024-11-21 12:30
2019-01-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|