Exposure of Drupal

CMS
259 exposure score
100,544 sites use
4 exploited
8 critical

CVEs

84 results
CVE-2019-6342 | Drupal core - Critical - Access bypass - SA-CORE-2019-008 | EPSS 1.6%
CVE-2011-2726 | An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any enti | EPSS 1.6%
CVE-2011-3373 | Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had | EPSS 1.3%
CVE-2017-6930 | In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated versi | EPSS 1.3%
CVE-2020-13665 | Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FA | EPSS 1.3%
CVE-2017-6929 | A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by th | EPSS 1.3%
CVE-2017-6926 | In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have | EPSS 1.2%
CVE-2017-6932 | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulner | EPSS 1.2%
CVE-2010-2471 | Drupal versions 5.x and 6.x have open redirection | EPSS 1.1%
CVE-2017-6931 | In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that th | EPSS 1.1%
CVE-2017-6928 | Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file bef | EPSS 1.1%
CVE-2010-2250 | Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL an | EPSS 1.0%
CVE-2010-2473 | Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session th | EPSS 1.0%
CVE-2024-55638 | CRITICAL | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 | EPSS 1.0%
CVE-2020-13667 | Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces modul | EPSS 0.9%
CVE-2024-55636 | CRITICAL | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 | EPSS 0.9%
CVE-2020-13662 | Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to a | EPSS 0.9%
CVE-2024-55637 | CRITICAL | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 | EPSS 0.8%
CVE-2024-22362 | HIGH | Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able t | EPSS 0.8%
CVE-2017-6379 | Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blo | EPSS 0.8%
