Vulnerabilidades em Drupal.org

9 resultados

CVE-2017-6920—Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects sEPSS 20.5%CVE-2017-6927—Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escapeEPSS 1.7%CVE-2017-6930—In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated versiEPSS 1.3%CVE-2017-6929—A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by thEPSS 1.3%CVE-2017-6926—In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not haveEPSS 1.2%CVE-2017-6932—Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerEPSS 1.2%CVE-2017-6931—In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that thEPSS 1.1%CVE-2017-6928—Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file befEPSS 1.1%CVE-2024-22362HIGHDrupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able tEPSS 0.8%