Browse all 3 CVE security advisories affecting drupal6. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Drupal6 is a legacy content management system primarily used for building and managing websites, though it's now unsupported. Historically, it faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and outdated components. With three active CVEs remaining, the platform poses significant security risks due to lack of security updates. Major incidents have included exploitation of unserialize vulnerabilities leading to RCE and persistent XSS flaws in core modules. Organizations still using Drupal6 face heightened exposure to automated attacks targeting known weaknesses, making migration to supported versions critical for maintaining security posture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2010-2473 | Drupal 输入验证错误漏洞 — drupal6 | 8.2 | - | 2019-11-07 |
| CVE-2010-2472 | Drupal Locale module和dependent contributed modules 跨站脚本漏洞 — drupal6 | 4.8 | - | 2019-11-07 |
| CVE-2010-2250 | Drupal 跨站脚本漏洞 — drupal6 | 6.1 | - | 2019-11-07 |
This page lists every published CVE security advisory associated with drupal6. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.