Show advisories for only Drupal core, only PSAs, or all security advisories

Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by community members.

SA-CONTRIB-2012-059 - Autosave - Cross Site Request Forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-059
  • Project: Autosave (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-April-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-058 - Fivestar - Input Validation

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-058
  • Project: Fivestar (third-party module)
  • Version: 6.x
  • Date: 2012-April-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Input Validation
Categories: Drupal 6.x

SA-CONTRIB-2012-057 - Printer, email and PDF versions - Cross Site Scripting (XSS)

By Drupal Security Team on
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-056
  • Project: Janrain Engage (formerly RPX) (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-April-04
  • Security risk: Less critical
  • Exploitable from: Not exploitable
  • Vulnerability: Sensitive Data Protection Vulnerability
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-055 - Fusion theme - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-055
  • Project: Fusion (third-party theme)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-054 - Chaos tool suite - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-054
  • Project: Chaos tool suite (ctools) (third-party module)
  • Version: 7.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2012-053 - Organic Groups - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-053
  • Project: Organic groups (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-052 - Node Limit Number - Cross Site Request Forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-052
  • Project: Node Limit Number (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-051
  • Project: Activity (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-050 - CDN2 Video - Unsupported

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-050
  • Project: CDN2 Video (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 6.x

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects