CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2472
https://notcve.org/view.php?id=CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. El módulo local y los módulos contribuidos dependientes en Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no sanean apropiadamente la visualización de códigos de Idioma, nombres nativos y de idioma Inglés, lo que podría permitir a un atacante llevar a cabo un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad es mitigada por el hecho de que un atacante necesita tener un rol con el permiso de "administer languages". • https://security-tracker.debian.org/tracker/CVE-2010-2472 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2250
https://notcve.org/view.php?id=CVE-2010-2250
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. Drupal versiones 5.x y 6.x anteriores a la versión 6.16, utiliza un valor suministrado por el usuario en la salida durante la instalación del sitio, lo que podría permitir a un atacante crear una URL y realizar un ataque de tipo cross-site scripting • http://www.openwall.com/lists/oss-security/2014/02/12/8 https://security-tracker.debian.org/tracker/CVE-2010-2250 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2471
https://notcve.org/view.php?id=CVE-2010-2471
Drupal versions 5.x and 6.x has open redirection Drupal versiones 5.x y 6.x, tiene un redireccionamiento abierto • http://www.openwall.com/lists/oss-security/2014/02/12/8 https://access.redhat.com/security/cve/cve-2010-2471 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592716 https://security-tracker.debian.org/tracker/CVE-2010-2471 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 97%CPEs: 7EXPL: 28CVE-2018-7600 – Drupal Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. Drupal en versiones anteriores a la 7.58, 8.x anteriores a la 8.3.9, 8.4.x anteriores a la 8.4.6 y 8.5.x anteriores a la 8.5.1 permite que los atacantes remotos ejecuten código arbitrario debido a un problema que afecta a múltiples subsistemas con configuraciones de módulos por defecto o comunes. Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. • https://www.exploit-db.com/exploits/44482 https://www.exploit-db.com/exploits/44449 https://www.exploit-db.com/exploits/44448 https://github.com/a2u/CVE-2018-7600 https://github.com/pimps/CVE-2018-7600 https://github.com/g0rx/CVE-2018-7600-Drupal-RCE https://github.com/firefart/CVE-2018-7600 https://github.com/r3dxpl0it/CVE-2018-7600 https://github.com/dr-iman/CVE-2018-7600-Drupal-0day-RCE https://github.com/sl4cky/CVE-2018-7600 https://github.com/s • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2016-3163
https://notcve.org/view.php?id=CVE-2016-3163
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. El sistema XML-RPC en Drupal 6.x en versiones anteriores a 6.38 y 7.x en versiones anteriores a 7.43 podría hacer más fácil para atacantes remotos llevar a cabo ataques de fuerza bruta a través de una gran cantidad de llamadas realizadas a la vez al mismo método. • http://www.debian.org/security/2016/dsa-3498 http://www.openwall.com/lists/oss-security/2016/02/24/19 http://www.openwall.com/lists/oss-security/2016/03/15/10 https://www.drupal.org/SA-CORE-2016-001 • CWE-254: 7PK - Security Features •