24 matches found
PT-2026-44140
Description: symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...
CVE-2026-36762
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
EUVD-2004-2406
Malware in sbrugna...
EUVD-2024-51489
Malicious code in bioql PyPI...
EUVD-2024-51451
Malicious code in bioql PyPI...
The vulnerability of the File Entity module in the Drupal CMS system, which allows attackers to disclose protected information
The vulnerability of the Drupal File Entity CMS system is related to the disclosure of information during data transmission. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the Drupal File Entity CMS system, related to the lack of measures taken to protect the website structure, allows attackers to bypass security restrictions and perform cross-site scripting attacks.
The vulnerability of the Drupal File Entity CMS system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform cross-site scripting attacks...
CVE-2024-13276
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13276
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13276 File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13276 File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13276
CVE-2024-13276 affects Drupal File Entity (fieldable files) versions 7.X-* before 7.X-2.39. The vulnerability allows insertion of sensitive information into sent data, enabling forceful browsing and potential disclosure of protected data. Root cause details point to how files are stored and expos...
CVE-2024-13237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting XSS. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
CVE-2024-13237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting XSS. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
CVE-2024-13237 File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting XSS. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
CVE-2024-13237
CVE-2024-13237 affects Drupal File Entity (fieldable files). The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) for File Entity versions 7.X-* up to but not including 7.X-2.38. The issue is discussed in SA-CONTRIB-2024-00...
CVE-2024-13237 File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting XSS. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
PT-2025-1041 · Drupal · File Entity
Name of the Vulnerable Software and Affected Versions: File Entity versions 7.X- through 7.X-2.38
Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS attacks. This can enable a remote attacker to bypass security...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal File Entity versions 7.X- through 7.X-2.38, which stems from improper input neutralization during page generation, resulting in a cross-site scriptin...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal File Entity fieldable files versions 7.X- through 7.X-2.39, which stems from the inclusion of a sensitive information disclosure issue...