厂商或团体 drupal 的搜索结果 (321)

CVE-2018-9861(发布:2018-04-19 13:29:00)NM
CVSS4.3

[原文]Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.

CVE-2018-9205(发布:2018-04-04 11:29:00)NMP
CVSS5.0

[原文]Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.

CVE-2014-5170(发布:2018-03-29 14:29:00)NMCS
CVSS7.5

[CNNVD]Drupal Storage API模块任意代码执行漏洞--Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Storage API是其中的一个用于管理文件存储和服务的框架模块。 Drupal Storage API模块7.x-1.6之前的7.x版本中存在任意代码执行漏洞。攻击者可利用该漏洞在用户上下文...

CVE-2018-7600(发布:2018-03-29 03:29:00)NMPS
CVSS7.5

[原文]Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVE-2017-6929(发布:2018-03-01 18:29:00)NM
CVSS4.3

[原文]A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.

CVE-2017-6932(发布:2018-03-01 18:29:00)NM
CVSS5.8

[原文]Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

12345678下一页尾页 第1页 / 共54页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站