Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2011-053 - Quiz - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-053
  • Project: Quiz (third-party module)
  • Version: 6.x
  • Date: 2011-November-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-052 - Views SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-052
  • Project: Views (third-party module)
  • Version: 6.x
  • Date: 2011-November-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-CONTRIB-2011-051 - Hotblocks module - multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-051
  • Project: HotBlocks (third-party module)
  • Version: 6.x
  • Date: 2011-November-02
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2011-050 - Organic groups - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-050
  • Project: Organic groups (third-party module)
  • Version: 7.x
  • Date: 2011-October-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-049 - Cumulus - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-049
  • Project: Cumulus (third-party module)
  • Version: 5.x, 6.x
  • Date: 2011-October-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS)

SA-CONTRIB-2011-048 - Certificate Login SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-048
  • Project: Certificate Login (third-party module)
  • Version: 5.x, 6.x
  • Date: 2011-October-12
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-CONTRIB-2011-047 - OG Features access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-047
  • Project: OG Features (third-party module)
  • Version: 6.x
  • Date: 2011-October-05
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-046 - Echo - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-046
  • Project: Echo (third-party module)
  • Version: 6.x, 7.x, 8.x
  • Date: 2011-October-05
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2011-045 - Rate module Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-045
  • Project: Rate (third-party module)
  • Version: 6.x, 7.x
  • Date: 2011-October-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS)

SA-CONTRIB-2011-044 - Homebox for Organic Groups Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-044
  • Project: Homebox (third-party module)
  • Version: 6.x, 7.x
  • Date: 2011-October-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS)

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects