Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-066
  • Project: Spaces (third-party module)
  • Version: 6.x
  • Date: 2012-April-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-065 - Sitedoc - Information disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-065
  • Project: Site Documentation (third-party module)
  • Version: 6.x
  • Date: 2012-April-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2012-064 - Ubercart - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-064
  • Project: Ubercart (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-April-25
  • Security risk: Moderately critical
  • Exploitable from: Varies (Local & Remote)
  • Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities

SA-CONTRIB-2012-063 - RealName - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-063
  • Project: RealName (third-party module)
  • Version: 6.x
  • Date: 2012-April-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-062 - Creative Commons - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-062
  • Project: Creative Commons (third-party module)
  • Version: 6.x
  • Date: 2012-April-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-061 - Gigya - Social optimization - Cross Site Scripting (XSS)

SA-CONTRIB-2012-060 - Commerce Reorder - Cross Site Request Forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-060
  • Project: Commerce Reorder (third-party module)
  • Version: 7.x
  • Date: 2012-April-18
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-059 - Autosave - Cross Site Request Forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-059
  • Project: Autosave (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-April-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-058 - Fivestar - Input Validation

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-058
  • Project: Fivestar (third-party module)
  • Version: 6.x
  • Date: 2012-April-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Input Validation

SA-CONTRIB-2012-057 - Printer, email and PDF versions - Cross Site Scripting (XSS)

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects