Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-077 - Google Site Search - Cross Site Scripting (XSS)

By Drupal Security Team on 18 Sep 2013 at 18:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-077
Project: Google Site Search (third-party module)
Version: 6.x, 7.x
Date: 2013-September-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Sep 2013 at 21:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-076
Project: jQuery Countdown (third-party module)
Version: 7.x
Date: 2013-September-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)

By Drupal Security Team on 11 Sep 2013 at 20:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-075
Project: Click2Sell Suite (third-party module)
Version: 6.x
Date: 2013-September-11
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Sep 2013 at 20:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-074
Project: MediaFront (third-party module)
Version: 6.x, 7.x
Date: 2013-September-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Drupal core - Users can insert hidden text and links - PSA-2013-001

Date:

2013-September-04

Advisory ID: PSA-2013-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-September-04
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass

By Drupal Security Team on 4 Sep 2013 at 14:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-073
Project: Make Meeting Scheduler (third-party module)
Version: 6.x
Date: 2013-September-04
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-072 - Node View Permissions - Access Bypass

By Drupal Security Team on 28 Aug 2013 at 18:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-072
Project: Node View Permissions (third-party module)
Version: 7.x
Date: 2013-August-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-071 - Flag - Cross Site Scripting

By Drupal Security Team on 28 Aug 2013 at 17:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-071
Project: Flag (third-party module)
Version: 7.x
Date: 2013-August-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

By Drupal Security Team on 21 Aug 2013 at 19:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-070
Project: Zen (third-party module)
Version: 7.x
Date: 2013-August-21
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-069 - Password Policy - XSS

By Drupal Security Team on 14 Aug 2013 at 18:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-069
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2013-August-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS