Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2011-043 - Petition Node - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-043
  • Project: petition_node (third-party module)
  • Version: 6.x
  • Date: 2011-October-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-042 Views Bulk Operations - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-042
  • Project: Views Bulk Operations (VBO) (third-party module)
  • Version: 6.x
  • Date: 2011-September-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-041 - Hostmaster (Aegir) - Cross Site Scripting

  • Advisory ID: SA-CONTRIB-2011-041
  • Project: Hostmaster (Aegir) (third-party module)
  • Version: 6.x
  • Date: 2011-September-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-040 Author Pane access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-040
  • Project: Author Pane (third-party module)
  • Version: 6.x
  • Date: 2011-September-7
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-039
  • Project: Bot Alarm (third-party module)
  • Version: 6.x
  • Date: 2011-August-31
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-038
  • Project: Taxonomy Views Integrator (third-party module)
  • Version: 6.x
  • Date: 2011-August-31
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-037- Node Invite - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-037
  • Project: Node Invite (third-party module)
  • Version: 6.x
  • Date: 2011-August-31
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-036 - Addresses - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-036
  • Project: Addresses (third-party module)
  • Version: 6.x
  • Date: 2011-August-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-035 Forward module - Open redirect

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-035
  • Project: Forward (third-party module)
  • Version: 6.x, 7.x
  • Date: 2011-August-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Open redirect

SA-CONTRIB-2011-034 - Display Suite - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-034
  • Project: Display suite (third-party module)
  • Version: 7.x
  • Date: 2011-August-03
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects