| Max CVSS | 5.1 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-5597 | 4.3 |
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) O
|
26-10-2018 - 14:14 | 19-10-2007 - 23:17 | |
| CVE-2007-5595 | 5.1 |
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
26-10-2018 - 14:13 | 19-10-2007 - 23:17 | |
| CVE-2007-5596 | 4.3 |
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
|
26-10-2018 - 14:13 | 19-10-2007 - 23:17 |