This module provides a standardized solution for building APIs so that external clients can communicate with Drupal.
The Services module has an access bypass vulnerability in its "attach_file" resource that allows users who have access to create or update nodes that include file fields to arbitrarily reference files they do not have access to, which can expose private files.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create or edit a node.
This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs.
The module doesn't sufficiently escape HTML in the scenario described below, leading to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the attacker must have access to input filtered HTML that will be included on the modules administration page, e.g. in a block (this configuration is not common). Further, the Module Filter vertical tabs setting must be enabled.
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
This module enables you to add social media share buttons on your website to its content and pages.
The module doesn't sufficiently mark its administration permission as restricted, which allows cross-site scripting by users who have access to its admin settings.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer addtoany".
This advisory was edited on March 25th to add the affected 8.x-1.11 release.
Simple hierarchical select defines a new form widget for taxonomy fields to select a term by "browsing" through the vocabulary's hierarchy. It also allows users to create new taxonomy terms using its widget directly in the node form.
This module provides a field where editors can add videos to their content, and offers functionality to transcode these videos to different sizes and formats.
The module doesn't sufficiently sanitize some user input on administrative forms.
This module enables you to create customized lists of data.
The module doesn't sufficiently sanitize certain field types, leading to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that a view must display a field with the format "Full data (serialized)" and an attacker must have the ability to store malicious markup in that field.
This module enables you to create customized lists of data.
The module doesn't sufficiently build queries when used with exposed filters, leading to a possible information disclosure vulnerability in certain rare circumstances.
This vulnerability is mitigated by the fact that a view must have an exposed filter on a field that is used on multiple entity types, both of which are included in the view.