Vulnerabilities > Drupal > Drupal > 5.5

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Drupal core's sanitization API fails to properly filter cross-site scripting (XSS) under certain circumstances.
network
high complexity
drupal CWE-79
2.6
2019-11-07 CVE-2010-2473 Improper Input Validation vulnerability in Drupal
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances.
network
drupal CWE-20
3.5
2019-11-07 CVE-2010-2472 Cross-site Scripting vulnerability in Drupal
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack.
network
drupal CWE-79
3.5
2019-11-07 CVE-2010-2250 Cross-site Scripting vulnerability in Drupal
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.
network
drupal CWE-79
4.3
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x have an open redirection vulnerability.
5.8
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
7.5
2012-05-21 CVE-2012-2922 Information Exposure vulnerability in Drupal
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
network
low complexity
drupal CWE-200
5.0
2010-09-21 CVE-2010-3093 Permissions, Privileges, and Access Controls vulnerability in Drupal
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.
network
drupal CWE-264
3.5
2010-09-21 CVE-2010-3092 Permissions, Privileges, and Access Controls vulnerability in Drupal
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.
network
low complexity
drupal CWE-264
5.5
2009-12-21 CVE-2009-4369 Cross-Site Scripting vulnerability in Drupal
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.
network
drupal CWE-79
3.5