Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-013
  • Project: Menu Breadcrumb (third-party module)
  • Version: 6.x
  • Date: 2010-February-03
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-012
  • Project: ODF Import (third-party module)
  • Version: 6.x-1.0
  • Date: 2010-February-3
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-011
  • Project: Feedback (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-010 - Author Contact - Cross site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-010
  • Project: Author Contact (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-27
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-009 - Block Class - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-009
  • Project: Block Class (third-party module)
  • Version: 6.x-1.2, 5.x-1.1
  • Date: 2010-January-20
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-008
  • Project: Recent Comments (third-party module)
  • Version: 6.x-1.0, 5.x-1.2
  • Date: 2010-January-20
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-007 - Control Panel - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-007
  • Project: Control Panel (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-20
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-006
  • Project: Bibliography (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-13
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-005 - Own Term - Cross site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-005
  • Project: Own Term (third-party module)
  • Version: 6.x-1.0
  • Date: 2010-January-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-004 - Node block - Cross site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-004
  • Project: Node Block (third-party module)
  • Version: 6.13, 5.11
  • Date: 2010-January-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects