Drupal Sårbarheter

Tidslinje

Typ

Content Management System	144
Project Management Software	10
E-Commerce Management Software	2
Feedback Software	2

Produkt

Drupal CMS	6
Drupal Drupal Project Issue Tracking	4
Drupal Project Issue Tracking Module	4
Drupal Ajax Checklist	4
Drupal Print	4

Åtgärd

Official Fix	138
Temporary Fix	0
Workaround	0
Unavailable	6
Not Defined	14

Utnyttjbarhet

High	62
Functional	0
Proof-of-Concept	52
Unproven	6
Not Defined	38

Åtkomstvektor

Not Defined	0
Physical	0
Local	0
Adjacent	0
Network	158

Autentisering

Not Defined	0
High	0
Low	64
None	94

Användarinteraktion

Not Defined	0
Required	104
None	54

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	50
≤5	46
≤6	8
≤7	30
≤8	22
≤9	0
≤10	2

CVSSv3 Temp

≤1	0
≤2	0
≤3	2
≤4	62
≤5	40
≤6	26
≤7	26
≤8	0
≤9	2
≤10	0

VulDB

≤1	0
≤2	0
≤3	0
≤4	50
≤5	46
≤6	8
≤7	30
≤8	22
≤9	0
≤10	2

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Säljare

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Utnyttja 0-dagars

<1k	4
<2k	104
<5k	50
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Utnyttja idag

<1k	158
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Utnyttja marknadsvolymen

🔴 CTI Aktiviteter

Affected Products (114): Acidfree (1), Administrator (1), Aggregation module (3), Ajax Checklist (2), Archive Module (1), Atom Module (1), BUEditor (1), Bibliography Module (2), BlueMasters (1), Brilliant Gallery (2), CCK comment reference (1), CMS (6), Chatroom Module (2), Comment Mail (1), Comment Upload Module (1), Commons (1), Content Construction Kit (3), Context Form Alteration module (1), Counter module (1), Custom Search module (2), Cvs Management And Tracker (1), Database Administration Module (2), Devel module (1), Doubleclick for Publishers (1), Drupal Pathauto Module (1), Drupal Project Issue Tracking (2), Drupal Pubcookie Module (1), E-Commerce Module (1), E-Publish (2), Easylinks Module (2), Entity API module (1), EveryBlog (4), Extended Tracker (1), FAQ (1), Feature Module (1), Feedapi Mapper (1), Fileshare module (1), Form Mail Module (1), Forward module (1), Header Image (1), Help Tip module (2), Imce Module (2), Internationalization (2), Job Search (1), Link module (1), Link to Us (1), Localization client (2), Localizer (1), LoginToboggan module (2), MAYO (1), Maestro (1), Magic Tabs module (1), Mailhandler (1), Mailsave (1), Mediafield Module (1), Meta Tags Module (1), Modal Frame (1), MySite (1), NewsFlash (1), News Page (1), Nivo Slider (1), Node Clone (1), Node Hierarchy module (1), Nodeaccess Userreference (1), Nodefamily (1), Nodequeue (1), OpenID (1), Organic Groups Menu (1), Organic Groups Module (2), Outline Designer module (1), Paypal Node Module (1), Petition Node module (1), Plus1 (1), Print (5), Print module (1), Professional theme (1), Project (1), Project Issue File Review (1), Project Issue Tracking Module (3), Project Issue Tracking module (2), Project issue tracking module (1), Protected Node module (1), Quiz (1), Randomizer (1), Search Keyword Module (1), Secure Site Module (2), Semantically Interconnected Online Communities (1), Services Module For Drupal (1), Shindig-Integrator (3), Shoutbox (1), SimpleCorp (1), Site Profile Directory Module (1), Skeleton theme (1), Stock Module (1), Suggested Terms module (1), Talk (2), Tasklist (1), Taxonomy Autotagger module (2), Taxonomy Image module (1), Taxonomy Theme module (1), Taxonomy manager (1), Tinytax Taxonomy Block Module (1), TrailScout module (2), Tribune (1), Ubercart Module (3), User Karma module (2), Userpoints Module (1), Userreview module (1), Views (2), Views Bulk Operations (1), Webform Module (1), Workflow (1), Zen (1), linkchecker (1)

Link to Vendor Website: https://www.drupal.org/

Publicerad	Base	Temp	Sårbarhet	Prod	Utn	Rem	EPSS	CTI	CVE
10/04/2018	5.4	5.1	Drupal Entity API module Access Restriction privilegier eskalering	Content Management System	Not Defined	Official Fix	0.00224	0.00	CVE-2014-1400
16/08/2017	8.0	7.7	Drupal CMS privilegier eskalering	Content Management System	Not Defined	Official Fix	0.01090	0.02	CVE-2017-6925
16/08/2017	4.6	4.5	Drupal CMS REST API privilegier eskalering	Content Management System	Not Defined	Official Fix	0.00953	0.03	CVE-2017-6924
16/08/2017	4.3	4.2	Drupal CMS Ajax Endpoint privilegier eskalering	Content Management System	Not Defined	Official Fix	0.00155	0.00	CVE-2017-6923
21/04/2015	4.3	4.1	Drupal Administrator förfalskning på begäran över webbplatsen	Content Management System	Not Defined	Official Fix	0.00160	0.00	CVE-2015-3351
12/11/2014	4.3	4.1	Drupal Organic Groups Menu Administration Page privilegier eskalering	Content Management System	Not Defined	Official Fix	0.00120	0.00	CVE-2014-8734
16/10/2014	4.3	4.0	Drupal Modal Frame cross site scripting	Content Management System	High	Official Fix	0.00220	0.02	CVE-2014-8296
14/10/2014	4.3	4.1	Drupal Project Issue File Review cross site scripting	Feedback Software	Not Defined	Official Fix	0.00140	0.00	CVE-2014-8765
13/10/2014	3.5	3.4	Drupal Doubleclick for Publishers cross site scripting	Content Management System	Not Defined	Official Fix	0.00082	0.00	CVE-2014-8748
13/10/2014	4.3	4.1	Drupal Commons Commons Module cross site scripting	Content Management System	Not Defined	Official Fix	0.00265	0.00	CVE-2014-8747
13/10/2014	3.5	3.4	Drupal Skeleton theme cross site scripting	Content Management System	High	Official Fix	0.00102	0.00	CVE-2014-8746
13/10/2014	3.5	3.4	Drupal Custom Search module Search Module cross site scripting	Content Management System	High	Official Fix	0.00111	0.00	CVE-2014-8745
13/10/2014	3.5	3.4	Drupal Nivo Slider cross site scripting	Content Management System	High	Official Fix	0.00111	0.02	CVE-2014-8744
13/10/2014	3.5	3.4	Drupal Maestro cross site scripting	Content Management System	Not Defined	Official Fix	0.00111	0.02	CVE-2014-8743
09/10/2014	3.5	3.4	Drupal MAYO MAYO Theme cross site scripting	Content Management System	Not Defined	Official Fix	0.00116	0.00	CVE-2014-8079
09/10/2014	3.5	3.4	Drupal Print cross site scripting	Content Management System	Not Defined	Official Fix	0.00116	0.00	CVE-2014-8078
09/10/2014	3.5	3.4	Drupal NewsFlash cross site scripting	Content Management System	Not Defined	Official Fix	0.00116	0.00	CVE-2014-8077
09/10/2014	3.5	3.4	Drupal Professional theme cross site scripting	Content Management System	High	Official Fix	0.00102	0.00	CVE-2014-8076
09/10/2014	3.5	3.5	Drupal Tribune cross site scripting	Content Management System	Not Defined	Not Defined	0.00120	0.00	CVE-2014-8075
08/10/2014	3.5	3.4	Drupal Zen template.php cross site scripting	Content Management System	Not Defined	Official Fix	0.00089	0.00	CVE-2014-7980
08/10/2014	3.5	3.4	Drupal SimpleCorp cross site scripting	Content Management System	Not Defined	Official Fix	0.00111	0.00	CVE-2014-7979
08/10/2014	3.5	3.4	Drupal BlueMasters cross site scripting	Content Management System	Not Defined	Official Fix	0.00111	0.00	CVE-2014-7978
06/10/2014	3.5	3.4	Drupal Custom Search module Search Module cross site scripting	Content Management System	Not Defined	Official Fix	0.00082	0.00	CVE-2014-7870
06/10/2014	3.5	3.4	Drupal Context Form Alteration module cross site scripting	Content Management System	Not Defined	Official Fix	0.00082	0.00	CVE-2014-7869
25/09/2012	4.3	4.1	Drupal FAQ cross site scripting	Content Management System	Not Defined	Official Fix	0.00341	0.02	CVE-2012-1646

Drupal Sårbarheter

Tidslinje

Typ

Produkt

Åtgärd

Utnyttjbarhet

Åtkomstvektor

Autentisering

Användarinteraktion

C3BM Index

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Säljare

Research

Utnyttja 0-dagars

Utnyttja idag

Utnyttja marknadsvolymen

🔴 CTI Aktiviteter

🔒 Login Required

Are you interested in using VulDB?