Vulnerabilities > Drupal > Drupal > 5.23
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2020-13672 | Cross-site Scripting vulnerability in Drupal: Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. | 2.6 |
2018-03-29 | CVE-2018-7600 | Improper Input Validation vulnerability in multiple products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 7.5 |
2012-05-21 | CVE-2012-2922 | Information Exposure vulnerability in Drupal: The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. | 5.0 |
2009-09-24 | CVE-2009-3352 | Unspecified vulnerability in Drupal: Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | 10.0 |
2009-07-08 | CVE-2009-2372 | Code Injection vulnerability in Drupal: Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature. | 6.5 |
2008-10-29 | CVE-2008-4789 | Permissions, Privileges, and Access Controls vulnerability in Drupal: The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | 6.0 |
2008-03-04 | CVE-2008-1133 | Cross-Site Scripting vulnerability in Drupal: The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |