Show advisories for only Drupal core, only PSAs, or all security advisories

Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by community members.

SA-CONTRIB-2012-081 - Aberdeen - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-081
  • Project: Aberdeen (third-party theme)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-080
  • Project: Hostmaster (Aegir) (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 6.x

SA-CONTRIB-2012-079 - Post Affiliate Pro - Cross Site Scripting (XSS) and Access Bypass - Unsupported

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-079
  • Project: Post Affiliate Pro (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-078
  • Project: Smart Breadcrumb (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-077
  • Project: Advertisement (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities
Categories: Drupal 6.x

SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-076
  • Project: Ubercart Product Keys (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-075
  • Project: Take Control (third-party module)
  • Version: 6.x
  • Date: 2012-May-09
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-074 - Contact Forms - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-074
  • Project: Contact Forms (third-party module)
  • Version: 7.x
  • Date: 2012-May-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-073
  • Project: Glossary (third-party module)
  • Version: 6.x
  • Date: 2012-May-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-072
  • Project: cctags (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-May-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects