David Rothstein

#7324de 53,635
37.4CVSS total
Vulnerabilidades · 6
Média
5
Crítica
1
PT-2025-26965
5.4
2025-06-26
Drupal · Drupal Simple Xml Sitemap · CVE-2025-6676
Nome do Software Vulnerável e Versões Afetadas: Drupal Simple XML sitemap versões 0.0.0 a 4.2.1 Descrição: O problema está relacionado à Neutralização Imprópria de Entrada Durante a Geração de Página Web, também conhecido como Cross-site Scripting (XSS). Isso permite que um invasor realize ataques de Cross-Site Scripting. Recomendações: Para as versões 0.0.0 a 4.2.1, atualize para a versão 4.2.2 ou posterior para resolver o problema. Como solução temporária, considere restringir a entrada do usuário para minimizar o risco de exploração.
PT-2024-10094
10
2024-05-29
Drupal · Drupal Rest & Json Api Authentication · CVE-2024-13258
**Nome do software vulnerável e versões afetadas** Drupal REST & JSON API Authentication, versões 0.0.0 a 2.0.12 **Descrição** O problema está relacionado a uma vulnerabilidade de autorização incorreta na Drupal REST & JSON API Authentication, permitindo a navegação forçada. Isso pode permitir que um invasor remoto contorne as restrições de segurança existentes. **Recomendações** Para as versões 0.0.0 a 2.0.12, atualize para a versão 2.0.13 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao módulo de autenticação REST & JSON API até que um patch seja aplicado.
PT-2018-8353
6.1
2018-02-24
Jquery · Jquery · CVE-2017-6929
**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 8.4.0 Drupal 7 versions prior to 7.57 **Description** A cross-site scripting issue is present in jQuery when making Ajax requests to untrusted domains. This issue requires contributed or custom modules to be exploitable. **Recommendations** For Drupal 8 versions prior to 8.4.0, update to Drupal 8.4.0 or later to resolve the issue. For Drupal 7 versions prior to 7.57, update to Drupal 7.57 or later to resolve the issue.
PT-2018-8356
5.8
2018-02-24
Drupal · Drupal · CVE-2017-6932
**Name of the Vulnerable Software and Affected Versions** Drupal core versions prior to 7.57 **Description** The issue allows an attacker to inject external links, potentially tricking users into navigating to unwanted sites when the language switcher block is used. Similar vulnerabilities exist in various custom and contributed modules. **Recommendations** For versions prior to 7.57, update to version 7.57 or later to resolve the issue. As a temporary workaround, consider disabling the language switcher block until the update is applied.
PT-2015-6110
5.8
2015-06-18
Drupal · Drupal · CVE-2015-3233
**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 7.38 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. **Recommendations** For versions prior to 7.38, update to version 7.38 or later to resolve the issue.
PT-2009-6371
4.3
2009-12-04
Drupal · Drupal Webform Module · CVE-2009-4207
**Name of the Vulnerable Software and Affected Versions** Drupal Webform module versions 5.x before 5.x-2.7 Drupal Webform module versions 6.x before 6.x-2.7 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a submission. **Recommendations** For versions 5.x before 5.x-2.7, update to version 5.x-2.7 or later. For versions 6.x before 6.x-2.7, update to version 6.x-2.7 or later.