Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2012-018 - Revisioning - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2012-018
- Project: Revisioning (third-party module)
- Version: 6.x
- Date: 2012-FEB-08
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-017 - Finder - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2012-017
- Project: Finder (third-party module)
- Version: 6.x, 7.x
- Date: 2012-February-08
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities
SA-CONTRIB-2012-016 - Forward module CSRF and Access bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2012-016
- Project: Forward (third-party module)
- Version: 6.x, 7.x
- Date: 2012-February-01
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass, Cross Site Request Forgery
SA-CONTRIB-2012-015 - Managesite - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-015
- Project: Managesite (third-party module)
- Version: 6.x
- Date: 2012-January-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-014 - Drupal Commerce - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-014
- Project: Drupal Commerce (third-party module)
- Version: 7.x
- Date: 2012-January-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection
- Advisory ID: DRUPAL-SA-CONTRIB-2012-013
- Project: Search Autocomplete (third-party module)
- Version: 7.x
- Date: 2012-January-25
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL Injection
SA-CONTRIB-2012-012 - Quicktabs - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-012
- Project: Quick Tabs (third-party module)
- Version: 6.x, 7.x
- Date: 2012-January-18
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-011 - Panels - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-011
- Project: Panels (third-party module)
- Version: 6.x
- Date: 2012-January-18
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-010 - stickynote - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2012-010
- Project: stickynote (third-party module)
- Version: 7.x
- Date: 2012-January-17
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting, Cross Site Request Forgery
SA-CONTRIB-2012-009 - Revisioning - Access bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2012-009
- Project: Revisioning (third-party module)
- Version: 7.x
- Date: 2012-January-18
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass