Search CVE reports
1 – 10 of 84 results
CVE-2010-2473
Medium priority
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
1 affected package
drupal6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | — |
CVE-2010-2472
Medium priority
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker...
1 affected package
drupal6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | — |
CVE-2010-2250
Medium priority
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
1 affected package
drupal6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | — |
CVE-2010-2471
Medium priority
Drupal versions 5.x and 6.x have open redirection
1 affected package
drupal6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | — |
CVE-2015-2750
Medium priority
Some fixes available: 2 of 5
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//"...
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | Not in release | Not in release |
drupal7 | — | — | — | Not in release | Not affected |
CVE-2015-2749
Medium priority
Some fixes available: 2 of 5
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | Not in release | Not in release |
drupal7 | — | — | — | Not in release | Not affected |
CVE-2016-7572
Medium priority
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via...
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | Not in release |
drupal7 | — | — | — | — | Not affected |
CVE-2016-7571
Medium priority
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | Not in release |
drupal7 | — | — | — | — | Not affected |
CVE-2016-7570
Medium priority
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | — | — | — | — | Not in release |
drupal7 | — | — | — | — | Not affected |
CVE-2016-6211
Medium priority
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
2 affected packages
drupal6, drupal7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
drupal6 | Not in release | Not in release | Not in release | Not in release | Not in release |
drupal7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |