Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure

SA-CONTRIB-2014-119 - Google Analytics - Information disclosure

SA-CONTRIB-2014-118 - Administer Users by Role - Access Bypass - Unsupported

SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS)

SA-CONTRIB-2014-116 - Webform Invitation - Cross Site Scripting

SA-CONTRIB-2014-115 - Form Builder - Cross-Site Scripting (XSS)

SA-CONTRIB-2014-114 - Tournament - Cross Site Scripting

SA-CONTRIB-2014-113 - Secure Password Hashes - Denial of Service

SA-CONTRIB-2014-112 - Node Field - Cross Site Scripting (XSS)

SA-CONTRIB-2014-111 - Protected Pages - Password Protection Bypass

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects