Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

Drupal core - Cross site scripting

Security advisories for Drupal core

Heine - December 19, 2006 - 15:43

Advisory ID: DRUPAL-SA-2007-001.
Project: Drupal Core.
Version: 4.6, 4.7.
Date: 2007-Jan-05.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Cross site scripting.

» Read more

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

Heine - October 12, 2006 - 11:55

Advisory ID: DRUPAL-SA-2006-026
Project: Drupal core
Date: 2006-Oct-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: HTML attribute injection

» Read more

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

Heine - October 12, 2006 - 11:50

Advisory ID: DRUPAL-SA-2006-025
Project: Drupal core
Date: 2006-Oct-18
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross site request forgeries

» Read more

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

Heine - October 12, 2006 - 11:47

Advisory ID: DRUPAL-SA-2006-024
Project: Drupal core
Date: 2006-Oct-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

» Read more

DRUPAL-SA-2006-011 XSS Vulnerability in user module

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

Gerhard Killesreiter - August 2, 2006 - 17:03

Advisory ID: DRUPAL-SA-2006-011
Project: Drupal core
Date: 2006-Aug-2
Security risk: less critical
Impact: Drupal core
Exploitable from: remote
Vulnerability: cross-site scripting

» Read more

DRUPAL-SA-2006-008 XSS Vulnerability in taxonomy module

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

webchick - June 1, 2006 - 19:20

Advisory ID: DRUPAL-SA-2006-008
Project: Drupal core
Date: 2006-Jun-01
Security risk: less critical
Impact: Drupal core
Exploitable from: remote
Vulnerability: cross-site scripting

» Read more

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

webchick - June 1, 2006 - 18:49

Advisory ID: DRUPAL-SA-2006-007
Project: Drupal core and potentially any web application that accepts uploads.
Date: 2006-Jun-01
Security risk: highly critical
Impact: Drupal core
Exploitable from: remote
Vulnerability: Execution of arbitrary files

» Read more

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

webchick - May 25, 2006 - 01:19

Advisory ID: DRUPAL-SA-2006-006
Project: Drupal core
Date: 2006-May-24
Security risk: highly critical
Impact: Drupal core
Exploitable from: remote
Vulnerability: Execution of arbitrary files

» Read more

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

Security advisories for Drupal core · Drupal 4.6.x · Drupal 4.7.x

chx - May 24, 2006 - 19:42

Advisory ID: DRUPAL-SA-2006-005
Project: Drupal core
Date: 2006-May-18
Security risk: highly critical
Impact: Drupal core
Exploitable from: remote
Vulnerability: SQL injection

» Read more

DRUPAL-SA-2006-004 Mail header injection vulnerability

Security advisories for Drupal core · Drupal 4.5.x or older · Drupal 4.6.x

jvandyk - March 13, 2006 - 21:04

Advisory ID: DRUPAL-SA-2006-004
Project: Drupal core
Date: 2006-03-13
Security risk: moderately critical
Impact: security bypass
Where: from remote
Vulnerability: mail header injection attack

» Read more

Security advisories

Drupal core - Cross site scripting

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

DRUPAL-SA-2006-011 XSS Vulnerability in user module

DRUPAL-SA-2006-008 XSS Vulnerability in taxonomy module

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

DRUPAL-SA-2006-004 Mail header injection vulnerability

User login

Contributor links