Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2012-050 - CDN2 Video - Unsupported

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-050
  • Project: CDN2 Video (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2012-049 - ShareThis - Multiple Vulnerablies

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-049
  • Project: ShareThis (third-party module)
  • Version: 7.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-048 - Contact Save - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-048
  • Project: Contact Save (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-047 - Ubercart Views - Information disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-047
  • Project: Ubercart Views (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-046 - Bundle Copy - Arbitrary Code execution

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-046
  • Project: Bundle copy (third-party module)
  • Version: 7.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary PHP code execution

SA-CONTRIB-2012-045 - AddToAny - Cross Site Scripting

SA-CONTRIB-2012-044 - Contact Forms - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-044
  • Project: Contact Forms (third-party module)
  • Version: 6.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-043 - MultiBlock - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-043
  • Project: MultiBlock (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-March-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-042 - Wishlist Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-042
  • Project: Wishlist Module (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-March-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-041 - Fancy Slide - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-041
  • Project: Fancy Slide (third-party module)
  • Version: 6.x
  • Date: 2012-March-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects