Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module up to and including 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
Drupal Svg Sanitizer
Drupal Svg Sanitizer 8.x-1.0
312
VMScore
CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x prior to 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an malicious user to perform a cross-site scripting (XSS) attack. Th...
Drupal Drupal
312
VMScore
CVE-2010-2473
Drupal 6.x prior to 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Drupal Drupal
383
VMScore
CVE-2010-2250
Drupal 5.x and 6.x prior to 6.16 uses a user-supplied value in output during site installation which could allow an malicious user to craft a URL and perform a cross-site scripting attack.
Drupal Drupal
516
VMScore
CVE-2010-2471
Drupal versions 5.x and 6.x has open redirection
Drupal Drupal
Debian Debian Linux 5.0
383
VMScore
CVE-2019-11876
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing t...
Prestashop Prestashop 1.7.5.2
Drupal Drupal 8.7.0
312
VMScore
CVE-2019-10909
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Sensiolabs Symfony
Drupal Drupal
668
VMScore
CVE-2019-10910
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Sensiolabs Symfony
Drupal Drupal
534
VMScore
CVE-2019-10911
In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, a vulnerability would allow an malicious user to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. T...
Sensiolabs Symfony
Drupal Drupal
668
VMScore
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 does not prevent directory traversal, which allows malicious users to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
Typo3 Pharstreamwrapper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Drupal Drupal
Joomla Joomla\\!
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »