Lucene search
K

32 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43069

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43070

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-58588

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS0.00204EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-58587

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-58588 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-066

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

0.00204EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-58588 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-066

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References5
OSV
OSV
added 4 days ago2 views

CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References5
CVE
CVE
added 4 days ago16 views

CVE-2026-58588

CVE-2026-58588 describes an XSS vulnerability in the Drupal Canvas module caused by improper neutralization of input during web page generation. Affected versions are: 0.0.0–1.4.2, 1.5.0–1.5.2, 1.6.0–1.6.1, and 1.7.0–1.7.1. The issue stems from allowing image uploads via a custom API while valida...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-58587

CVE-2026-58587 affects Drupal Canvas (Canvas AI submodule). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Affected versions include 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1. Root ca...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.4 views

CVE-2026-3216

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15476

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 4:16 p.m.6 views

CVE-2026-3216

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

5CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 3:24 p.m.22 views

CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 3:24 p.m.2 views

CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

5.8AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 3:24 p.m.11 views

CVE-2026-3216

CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...

5CVSS5.8AI score0.00287EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

Drupal Canvas 安全漏洞

Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.1.1 contained security vulnerabilities, which were due to susceptibility to server-side request forgeing attacks...

5CVSS5.8AI score0.00287EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 6:51 p.m.9 views

DRUPAL-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

5CVSS5.7AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22088

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.1.1 Description A Server-Side Request Forgery SSRF issue exists in the Drupal Canvas module. The vulnerability is exposed when the hidden canvas ai submodule is enabled, typically through Drupal Recipes or...

5CVSS5.9AI score0.00287EPSS
Exploits0References5
Drupal
Drupal
added 2026/02/25 12:0 a.m.18 views

Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

5CVSS5.6AI score0.00287EPSS
Exploits0References2
Rows per page
Query Builder