| CVE-2018-7602 |
critical |
— |
10.0 |
|
|
|
8y ago |
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. |
| CVE-2018-7600 |
critical |
— |
10.0 |
|
|
|
8y ago |
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. |
| CVE-2020-13672 |
critical |
— |
9.5 |
|
|
|
5y ago |
Drupal core Cross-site Scripting (XSS) vulnerability |
| CVE-2019-6340 |
unknown |
— |
2.5 |
|
|
|
7y ago |
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. |
| CVE-2010-3094 |
low |
— |
2.1 |
|
|
|
16y ago |
Drupal cross-site scripting vulnerability via actions feature and trigger module |
| CVE-2020-13671 |
unknown |
— |
1.5 |
|
|
|
6y ago |
Improper sanitization in the extension file names is present in Drupal core. |
| CVE-2019-10909 |
unknown |
— |
— |
|
|
|
7y ago |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… |
