Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal upload module vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2007-5596
The core Upload module in Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 places the .html extension on a whitelist, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by uploading .html files.
Drupal Drupal
231
VMScore
CVE-2006-2833
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote malicious users to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
Drupal Drupal 4.6.8
Drupal Drupal 4.7.2
383
VMScore
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Fedoraproject Fedora 23
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.36
Drupal Drupal 7.37
Drupal Drupal 7.x-dev
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.30
Drupal Drupal 7.33
Drupal Drupal 7.6
Drupal Drupal 7.7
668
VMScore
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemente...
Drupal Drupal
383
VMScore
CVE-2017-6921
In Drupal 8 before 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an att...
Drupal Drupal
NA
CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabil...
Drupal Drupal
578
VMScore
CVE-2009-2372
Drupal 6.x prior to 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via...
Drupal Drupal
383
VMScore
CVE-2009-2374
Drupal 5.x prior to 5.19 and 6.x prior to 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from...
Drupal Drupal
312
VMScore
CVE-2019-6341
In Drupal 7 versions before 7.65; Drupal 8.6 versions before 8.6.13;Drupal 8.5 versions before 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Drupal Drupal
Debian Debian Linux 8.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
356
VMScore
CVE-2017-6922
In Drupal core 8.x before 8.3.4 and Drupal core 7.x before 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »