This module addresses the General Data Protection Regulation (GDPR), which came into effect on 25th May 2018, and the EU Directive on Privacy and Electronic Communications from 2012. It provides a banner where you can gather consent from the user when the website stores cookies on their computer or otherwise handles their personal information.
The Ubercart module provides a shopping cart and e-commerce features for Drupal.
The taxes module doesn't sufficiently protect the tax rate cloning feature. A malicious user could trick a store administrator into duplicating an existing tax rate by getting them to visit a specially-crafted URL.
The DvG distribution contains the feature module dvg_domains to support multiple domains.
When the dvg_domains feature module is enabled, anonymous users are able to access some administration pages and change the settings exposed on those pages.
This issue can be mitigated by disabling the dvg_domains module.
The Rabbit Hole module allows administrators to control what should happen when a regular user tries to view an entity at its own page; for example, it may deliver a 403 Access Denied or 404 Page Not Found response, or redirect the user to another path.
The module doesn't respect the Rabbit Hole settings when an entity is being requested with a certain header. This could lead to certain data being exposed even if it shouldn't be. The vulnerability is mitigated by the fact that the user also needs permission to view the content being requested.
This module enables you to manage contextual conditions and reactions for different portions of your site.
The module doesn't sufficiently sanitize user output when it is displayed, leading to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the ability to store malicious markup in the site (e.g. permission to create a node with a field that accepts "filtered html").
This module provides a standardized solution for building APIs so that external clients can communicate with Drupal.
The module doesn't sufficiently sanitize user input for entity index resources thus allowing SQL Injection attacks.
This vulnerability is mitigated by the fact that the Drupal 7 site must have one or more "index" resources enabled under the Services endpoint configuration (admin/structure/services/list/MY-ENDPOINT/resources) and an attacker must know the endpoint's machine name.