Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2019-11-21 CVE-2012-1637 Cross-site Scripting vulnerability in Drupal Quick Tabs
Cross-site scripting (XSS) vulnerability in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
network
low complexity
drupal CWE-79
4.8
2019-11-15 CVE-2011-2726 Incorrect Authorization vulnerability in multiple products
An access bypass issue was found in Drupal 7.x before version 7.5.
network
low complexity
drupal debian redhat fedoraproject CWE-863
7.5
2019-11-11 CVE-2019-18856 Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer
A denial-of-service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
network
low complexity
drupal CWE-732
7.5
2019-11-07 CVE-2010-2473 Improper Input Validation vulnerability in Drupal
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances.
network
low complexity
drupal CWE-20
6.5
2019-11-07 CVE-2010-2472 Cross-site Scripting vulnerability in Drupal
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack.
network
low complexity
drupal CWE-79
4.8
2019-11-07 CVE-2010-2250 Cross-site Scripting vulnerability in Drupal
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.
network
low complexity
drupal CWE-79
6.1
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x have an open redirection vulnerability.
network
low complexity
drupal debian CWE-601
6.1
2019-05-24 CVE-2019-11876 Cross-site Scripting vulnerability in multiple products
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.
network
low complexity
prestashop drupal CWE-79
6.1
2019-05-16 CVE-2019-10911 Improper Authentication vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
network
high complexity
sensiolabs drupal CWE-287
7.5
2019-05-16 CVE-2019-10910 SQL Injection vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution.
network
low complexity
sensiolabs drupal CWE-89
critical
9.8