Skip to main content Skip to search

Security advisories

Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

Search Keywords cross site scripting vulnerability

Posted by Heine on September 19, 2006 at 10:48pm

Advisory ID: DRUPAL-SA-2006-022
Project: Search Keywords
Date: 2006-Sep-20
Security risk: moderately critical
Exploitable from: remote
Vulnerability: cross site scripting

Site Profile Directory cross site scripting vulnerability

Posted by Heine on September 19, 2006 at 10:46pm

Advisory ID: DRUPAL-SA-2006-021
Project: Site Profile Directory
Date: 2006-Sep-20
Security risk: less critical
Exploitable from: remote
Vulnerability: cross site scripting

Userreview cross site scripting vulnerability

Posted by Heine on September 13, 2006 at 4:12pm

Advisory ID: DRUPAL-SA-2006-020
Project: Userreview
Date: 2006-Sep-13
Security risk: less critical
Exploitable from: remote
Vulnerability: cross site scripting

Pubcookie security bypass

Posted by Heine on September 8, 2006 at 8:09am

Advisory ID: DRUPAL-SA-2006-019
Project: Pubcookie 4.6, 4.7
Date: 2006-Sep-8
Security risk: highly critical
Exploitable from: remote
Vulnerability: security bypass

Pathauto cross site scripting vulnerability

Posted by Heine on September 5, 2006 at 2:40pm

Advisory ID: DRUPAL-SA-2006-018
Project: Pathauto 4.6, 4.7
Date: 2006-Sep-05
Security risk: less critical
Exploitable from: remote
Vulnerability: Cross site scripting

Easylinks multiple vulnerabilities

Posted by Heine on August 22, 2006 at 7:52pm

Advisory ID: DRUPAL-SA-2006-017
Project: Easylinks 4.7
Date: 2006-Aug-22
Security risk: highly critical
Exploitable from: remote
Vulnerability: SQL injection, Cross site scripting

E-commerce Cross site scripting vulnerability

Posted by Heine on August 22, 2006 at 7:49pm

Advisory ID: DRUPAL-SA-2006-016
Project: E-commerce 4.7
Date: 2006-Aug-22
Security risk: less critical
Exploitable from: remote
Vulnerability: Multiple Cross site scripting

DRUPAL-SA-2006-015: Multiple vulnerabilities in Bibliography

Posted by Heine on August 9, 2006 at 1:45am

Advisory ID: DRUPAL-SA-2006-015
Project: Bibliography
Date: 2006-Aug-08
Security risk: highly critical
Exploitable from: remote
Vulnerability: SQL injection, Cross site scripting

Revision to DRUPAL-SA-2006-013 - Recipe

Posted by Heine on August 9, 2006 at 1:32am

Advisory ID: DRUPAL-SA-2006-014
Project: Recipe 4.6
Date: 2006-Aug-08
Security risk: less critical
Exploitable from: remote
Vulnerability: Cross site scripting

DRUPAL-SA-2006-013: Recipe module

Posted by Gerhard Killesreiter on August 7, 2006 at 9:12pm

Advisory ID: DRUPAL-SA-2006-013
Project: Recipe
Date: 2006-Aug-07
Security risk: less critical
Exploitable from: remote
Vulnerability: Cross site scripting

Subscribe with RSS

Security announcements

In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.

Contacting the Security team

In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.

Security books

There are many useful books about Drupal. Here are two that discuss security:

Advertising helps build a successful ecosystem around Drupal.

nobody click here