CPE Name: cpe:/a:drupal:drupal:8.3.0:rc1
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-9861 | 79 | | XSS | 2018-04-19 | 2018-05-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| 2 | CVE-2018-7600 | 20 | | Exec Code | 2018-03-29 | 2018-06-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| 3 | CVE-2017-6929 | 79 | | XSS | 2018-03-01 | 2018-03-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| 4 | CVE-2017-6920 | 19 | | Exec Code | 2018-08-06 | 2018-10-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| 5 | CVE-2017-6919 | 284 | | Bypass | 2017-04-19 | 2017-07-10 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial |

CVE-2018-9861: Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.

CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVE-2017-6929: A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.

CVE-2017-6920: Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.

CVE-2017-6919: Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Total number of vulnerabilities: 5