Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-021
  • Project: Maestro (third-party module)
  • Version: 7.x
  • Date: 2014-February-19
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-020
  • Project: Drupal Commons (third-party distribution)
  • Version: 7.x
  • Date: 2014-02-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-019
  • Project: Easy Social (third-party module)
  • Version: 7.x
  • Date: 2014-February-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-018
  • Project: Webform (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-February-12
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-017
  • Project: Image Resize Filter (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-February-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Denial of Service (DOS)

SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-016
  • Project: MAYO (third-party theme)
  • Version: 7.x
  • Date: 2014-02-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-015 - FileField - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-015
  • Project: FileField (third-party module)
  • Version: 6.x
  • Date: 2014-02-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-014
  • Project: Webform Validation (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-February-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-013
  • Project: Chaos tool suite (ctools) (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-02-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-012
  • Project: Modal Frame API (third-party module)
  • Version: 6.x
  • Date: 2014-February-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects