Security advisories for third-party projects that are not part of Drupal core - this includes all module, themes, and install profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2014-040 - Skeleton theme - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-040
  • Project: Skeleton (third-party theme)
  • Version: 7.x
  • Date: 2014-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-038 - SimpleCorp theme - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-038
  • Project: SimpleCorp (third-party theme)
  • Version: 7.x
  • Date: 2014-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-039 - Revisioning - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-039
  • Project: Revisioning (third-party module)
  • Version: 7.x
  • Date: 2014-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2014-037 - BlueMasters - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-037
  • Project: BlueMasters (third-party module)
  • Version: 7.x
  • Date: 2014-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-036 - Print - Cross Site Scripting

SA-CONTRIB-2014-035 - CAS Server - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2014-035
  • Project: CAS (third-party module)
  • Version: 6.x, 7.x
  • Date: 2014-April-02
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Pages

Subscribe with RSS Subscribe to RSS - Security advisories for contributed projects