Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-079
  • Project: Context (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-2013-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Arbitrary PHP code execution

SA-CONTRIB-2013-078 - Quick Tabs - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-078
  • Project: Quick Tabs (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-October-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-077 - Google Site Search - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-077
  • Project: Google Site Search (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-September-18
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-076
  • Project: jQuery Countdown (third-party module)
  • Version: 7.x
  • Date: 2013-September-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-075
  • Project: Click2Sell Suite (third-party module)
  • Version: 6.x
  • Date: 2013-September-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-074
  • Project: MediaFront (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-September-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-073
  • Project: Make Meeting Scheduler (third-party module)
  • Version: 6.x
  • Date: 2013-September-04
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-072 - Node View Permissions - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-072
  • Project: Node View Permissions (third-party module)
  • Version: 7.x
  • Date: 2013-August-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-071 - Flag - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-071
  • Project: Flag (third-party module)
  • Version: 7.x
  • Date: 2013-August-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2013-070
  • Project: Zen (third-party module)
  • Version: 7.x
  • Date: 2013-August-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects