Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2012-086 - Amadou - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-086
  • Project: Amadou (third-party theme)
  • Version: 6.x
  • Date: 2012-May-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-085
  • Project: BrowserID (Mozilla Persona) (third-party module)
  • Version: 7.x
  • Date: 2012-May-23
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery (results in Privilege Escalation)

SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-084
  • Project: Search API (third-party module)
  • Version: 7.x
  • Date: 2012-May-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-083
  • Project: Taxonomy List (third-party module)
  • Version: 6.x
  • Date: 2012-May-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-082 - Zen - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-082
  • Project: Zen (third-party theme)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-081 - Aberdeen - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-081
  • Project: Aberdeen (third-party theme)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-080
  • Project: Hostmaster (Aegir) (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2012-079 - Post Affiliate Pro - Cross Site Scripting (XSS) and Access Bypass - Unsupported

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-079
  • Project: Post Affiliate Pro (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Access bypass

SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-078
  • Project: Smart Breadcrumb (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-077 - Advertisement - Cross Site Scripting & Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-077
  • Project: Advertisement (third-party module)
  • Version: 6.x
  • Date: 2012-May-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects