Security advisories for third-party projects that are not part of Drupal core - this includes all module, themes, and install profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2014-045 - Drupal Commons - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-045
  • Project: Drupal Commons (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-044 - Professional Theme - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-044
  • Project: Professional Theme (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-043 - Custom Search - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-043
  • Project: Custom Search (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-April-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-042 - Internationalization - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-042
  • Project: Internationalization (third-party module)
  • Version: 7.x
  • Date: 2014-April-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-041 - Block Search - SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-041
  • Project: Block Search (third-party module)
  • Version: 6.x
  • Date: 2014-April-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-CONTRIB-2014-040 - Skeleton theme - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-040
  • Project: Skeleton (third-party theme)
  • Version: 7.x
  • Date: 2014-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to RSS - Security advisories for contributed projects