Contacting the Security team
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
Security advisories for contributed projects
Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-098
- Project: Zoomify (third-party module)
- Version: 5.x, 6.x
- Date: 2009-November-4
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-097 - Organic Groups Vocabulary - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-097
- Project: Organic Groups Vocabulary (third-party module)
- Version: 6.x
- Date: 2009-November-4
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-096 - Link - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-096
- Project: Link (third-party module)
- Version: 5.x, 6.x
- Date: 2009-November-4
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-095 - Smartqueue OG - Access Bypass
- Advisory ID: SA-CONTRIB-2009-095
- Project: Smartqueues for Organic Groups (smartqueue_og) (third-party module)
- Version: 6.x
- Date: 2009 November 4
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2009-094
- Project: NGP COO/CWP Integration (crmngp) (third-party module)
- Version: 6.x
- Date: 2009-November-4
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross-site scripting and Access bypass
SA-CONTRIB-2009-093 - Temporary Invitation - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-093
- Project: Temporary Invitation (third-party module)
- Version: 5.x
- Date: 2009 November 4
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-092
- Project: S5 Presentation Player (third-party module)
- Version: 6.x
- Date: 2009 November 4
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-091 - Node Hierarchy - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2009-091
- Project: Node Hierarchy (third-party module)
- Version: 6.x, 5.x
- Date: 2009 November 4
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-090 - User Protect - Cross Site Request Forgery
- Advisory ID: SA-CONTRIB-2009-09-090
- Project: User Protect (third-party module)
- Version: 5.x, 6.x
- Date: 2009-November-04
- Security risk: Moderate
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-CONTRIB-2009-089 - Storm - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2009-089
- Project: Storm (third-party module)
- Version: 6.x
- Date: 2009-October-28
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Access Bypass
