Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-025
  • Project: Fivestar (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site request forgery
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-023 - News Page - SQL injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-023
  • Project: News Page
  • Versions: 5.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection
Categories: Drupal 5.x

SA-CONTRIB-2009-022 - Exif - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-022
  • Project: Exif (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting

Description

The Exif module enables users to display EXIF tags in images on the site.

SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-024
  • Project: Node Access User Reference (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Description

SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-021
  • Project: CCK comment reference (third-party module)
  • Version: 6.x
  • Date: 2009 April 15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)
Categories: Drupal 6.x

SA-CONTRIB-2009-020 - Print - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-020
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-019 - Localization client - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-019
  • Project: Localization client (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009-April-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-018 - Feed element mapper - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-018
  • Project: Feed element mapper (third-party module)
  • Version: 5.x
  • Date: 2009-March-26
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-017 - Vote Up/Down - Cross-site request forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-017
  • Project: Vote Up/Down (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-March-25
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site request forgery

SA-CONTRIB-2009-016 - Wikitools - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-016
  • Project: Wikitools (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-March-25
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting

Pages

Subscribe with RSS Subscribe to Security advisories