69 matches found
CVE-2010-3093
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...
The vulnerability of the Comment module in the Drupal CMS system allows a hacker to trigger a service failure.
The vulnerability of the Comment module in the Drupal CMS system relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
GHSA-XQ54-X54M-VCPX Drupal core Denial of Service
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
Drupal core Denial of Service
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
Infinite loop
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Infinite loop via the Comment module. An attacker can trigger excessive resource consumption by making repeated comment reply...
The vulnerability of the Netcat CMS system’s comment module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Netcat CMS system’s comment module exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
Denial Of Service (DoS)
drupal/core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of requests within the comment module, allowing an attacker to make reply requests that result in DoS...
GHSA-6CCV-8FGF-CJPW Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
Drupal core Denial of Service vulnerability
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
Drupal DoS Vulnerability (SA-CORE-2024-001) - Windows
Drupal is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
Drupal DoS Vulnerability (SA-CORE-2024-001) - Linux
Drupal is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
DRUPAL-CORE-2024-001
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
PT-2024-9530 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.2.0 through 10.2.1; Drupal Core versions 10.1.0 through 10.1.7. Description: A vulnerability in Drupal Core allows Excessive Allocation, which can be exploited to trigger a denial of service (DOS). The issue affects certai...
Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...
GHSA-VC4F-2G7F-PMQR MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...
CVE-2020-15885
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...
CVE-2020-15885
This CVE concerns MunkiReport’s comment module prior to version 4.0, where a Cross-Site Scripting (XSS) vulnerability exists. The issue allows remote attackers to inject arbitrary web script or HTML by posting a new comment, with the potential to affect users who view comments. The available conn...
CVE-2007-6691
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...
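DESTOON SQL injection vulnerability
Brief description: DESTOON SQL injection vulnerability. Details: A second-order injection; because dhtmlspecialchars is used, the injection protection fails. It can be used against arbitrary data. First, look at the comment module: \module\extend\comment.inc.php $item = $db-getone"SELECT title,linkurl,username,status FROM ".gettable$mid." WHERE itemid=$itemid"; // fetch the published data for the corresponding module from the database $item or exit; $item'status' 2 or exit; $linkurl =...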