Drupal 跨站脚本漏洞

Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...

PT-2026-6098

Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The...

CVE-2025-14556

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Flag allows Cross-Site Scripting XSS.This issue affects Flag: from 7.X-3.0 through 7.X-3.9...

EUVD-2019-19114

Malware in sbrugna...

EUVD-2013-0220

Malware in sbrugna...

EUVD-2018-7482

Malware in sbrugna...

EUVD-2020-28169

Malware in sbrugna...

EUVD-2014-1476

Malware in sbrugna...

EUVD-2019-6071

Malware in sbrugna...

EUVD-2024-51489

Malicious code in bioql PyPI...

EUVD-2024-51510

Malicious code in bioql PyPI...

EUVD-2025-16195

Malicious code in bioql PyPI...

CVE-2015-6752

Cross-site scripting XSS vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...

Kibana 7.x < 7.17.23 Multiples Vulnerabilities

According to its self-reported version number, the Kibana application running on the remote host is 7.x prior to 7.17.23 or 8.x prior to 8.14.2. It is, therefore, affected by Multiples Vulnerabilities. - An allocation of resources without limits or throttling in Kibana can lead to a crash caused ...

CVE-2024-13297

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X- before 7.X-1.15...

CVE-2024-13268

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...

CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...

CVE-2024-13237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting XSS.This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Opigno TinCan Question Type versions 7.X-1.0 through 7.X-1.3, which stems from an unsuccessful neutralization of directives in statically saved code,...

Drupal PHP Object Injection Vulnerability (SA-CORE-2024-008) - Linux

Drupal is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...