Vulnerabilities > Drupal > Drupal > 7.82
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-26 | CVE-2023-31250 | Incorrect Authorization vulnerability in Drupal The file download facility doesn't sufficiently sanitize file paths in certain situations. | 6.5 |
2023-04-26 | CVE-2022-25275 | Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. | 7.5 |
2022-02-16 | CVE-2022-25271 | Improper Input Validation vulnerability in multiple products Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
2021-10-26 | CVE-2021-41182 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41183 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2021-10-26 | CVE-2021-41184 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
2014-11-24 | CVE-2010-5312 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. | 6.1 |