Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2012-003 - Fill PDF - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-003
  • Project: Fill PDF (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-JANUARY-04
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Arbitrary code execution

SA-CONTRIB-2012-002 - Lingotek - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-002
  • Project: Lingotek Collaborative Translation (third-party module)
  • Version: 6.x
  • Date: 2012-January-04
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-001 - Registration Codes - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-001
  • Project: Registration Codes (third-party module)
  • Version: 6.x
  • Date: 2012-January-04
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-059 - Meta tags quick - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-059
  • Project: Meta tags quick (third-party module)
  • Version: 7.x
  • Date: 2011-December-14
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-058 - Support Timer - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-058
  • Project: Support Timer (third-party module)
  • Version: 6.x
  • Date: 2011-November-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-057 - Support Ticketing System - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-057
  • Project: Support Ticketing System (third-party module)
  • Version: 6.x
  • Date: 2011-November-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-056 - Webform Validation Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-056
  • Project: Webform Validation (third-party module)
  • Version: 6.x, 7.x
  • Date: 2011-November-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-055 - Webform CiviCRM Integration - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-055
  • Project: Webform CiviCRM Integration (third-party module)
  • Version: 6.x, 7.x
  • Date: 2011-November-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, SQL Injection

SA-CONTRIB-2011-054 - CKEditor - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-054
  • Project: CKEditor - WYSIWYG HTML editor (third-party module)
  • Version: 7.x
  • Date: 2011-November-09
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-053 - Quiz - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-053
  • Project: Quiz (third-party module)
  • Version: 6.x
  • Date: 2011-November-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects