Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-054 - Storm - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-054
  • Project: Storm (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS)

SA-CONTRIB-2010-053 - External Link Page - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-053
  • Project: External Link Page (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-052 - Multiple vulnerabilities in multiple contributed modules

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-052
  • Projects: Multiple third-party modules - Privatemsg, Weather Underground, Tellafriend, Menu Block Split, osCommerce, Download Count, Comment Page, False Account Detector, User Queue
  • Version: 5.x, 6.x
  • Date: 2010-05-19
  • Security risks: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Cross-site Request Forgery, Cross-site scripting, Email header injection, SQL Injection)

SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-051
  • Project: Heartbeat (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-050 - CAPTCHA - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-050
  • Project: CAPTCHA (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-19
  • Security risk: Not Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-049 - Wordpress Import - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-049
  • Project: Wordpress Import (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2010-048: CiviRegister - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-048
  • Project: CiviRegister (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-12
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-047: Services - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-047
  • Project: Services (third-party module)
  • Version: 6.x
  • Date: 2010-May-12
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

SA-CONTRIB-2010-046: Award - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-046
  • Project: Award (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-12
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-045 - Auto Assign Role - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-045
  • Project: Auto Assign Role (third-party module)
  • Version: 6.x
  • Date: 2010-May-12
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass
