Drupal : Security Vulnerabilities, CVEs, Published In 2011 CVSS score >= 3
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
Max CVSS
3.5
EPSS Score
0.13%
Published
2011-11-28
Updated
2017-08-29
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-13
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
Max CVSS
7.5
EPSS Score
1.42%
Published
2011-07-27
Updated
2015-09-03
3 vulnerabilities found