Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-019 - Ubercart Views - Cross site scripting (XSS)

By Drupal Security Team on 20 Feb 2013 at 14:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-019
Project: Ubercart Views (third-party module)
Version: 6.x
Date: 2013-February-20
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-018 - Taxonomy Manager - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 20 Feb 2013 at 14:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-018
Project: Taxonomy Manager (third-party module)
Version: 6.x, 7.x
Date: 2013-February-20
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-017 - Yandex.Metrics - Cross site scripting (XSS)

By Drupal Security Team on 20 Feb 2013 at 14:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-017
Project: Yandex.Metrics (third-party module)
Version: 6.x, 7.x
Date: 2013-February-20
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-016 - Banckle Chat - Access bypass - Unsupported

By Drupal Security Team on 13 Feb 2013 at 16:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-016
Project: Banckle Chat (third-party module)
Version: 7.x
Date: 2013-February-13
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross site scripting (XSS)

By Drupal Security Team on 13 Feb 2013 at 15:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-015
Project: Manager Change for Organic Groups (third-party module)
Version: 7.x
Date: 2013-February-13
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-014 - Drush Debian Packaging - Information Disclosure - Unsupported

By Drupal Security Team on 30 Jan 2013 at 17:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-014
Project: Drush Debian Packaging (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Critical
Exploitable from: Local
Vulnerability: Information Disclosure

SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS)

By Drupal Security Team on 30 Jan 2013 at 17:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-013
Project: Boxes (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass

By Drupal Security Team on 30 Jan 2013 at 17:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-012
Project: Google Authenticator login (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-011 - email2image - Access Bypass - Unsupported

By Drupal Security Team on 30 Jan 2013 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-011
Project: email2image (third-party module)
Version: 6.x
Date: 2013-January-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 17:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-010
Project: Search API sorts (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS