Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-096 - Link - Cross Site Scripting

By Drupal Security Team on 4 Nov 2009 at 20:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-096
Project: Link (third-party module)
Version: 5.x, 6.x
Date: 2009-November-4
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-095 - Smartqueue OG - Access Bypass

By Drupal Security Team on 4 Nov 2009 at 20:02 UTC

Advisory ID: SA-CONTRIB-2009-095
Project: Smartqueues for Organic Groups (smartqueue_og) (third-party module)
Version: 6.x
Date: 2009 November 4
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities

By coltrane on 4 Nov 2009 at 19:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-094
Project: NGP COO/CWP Integration (crmngp) (third-party module)
Version: 6.x
Date: 2009-November-4
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting and Access bypass

SA-CONTRIB-2009-093 - Temporary Invitation - Cross Site Scripting

By meba on 4 Nov 2009 at 19:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-093
Project: Temporary Invitation (third-party module)
Version: 5.x
Date: 2009 November 4
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting

By Drupal Security Team on 4 Nov 2009 at 19:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-092
Project: S5 Presentation Player (third-party module)
Version: 6.x
Date: 2009 November 4
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-091 - Node Hierarchy - Cross Site Scripting

By Drupal Security Team on 4 Nov 2009 at 19:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-091
Project: Node Hierarchy (third-party module)
Version: 6.x, 5.x
Date: 2009 November 4
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-090 - User Protect - Cross Site Request Forgery

By hunmonk on 4 Nov 2009 at 13:20 UTC

Advisory ID: SA-CONTRIB-2009-090
Project: User Protect (third-party module)
Version: 5.x, 6.x
Date: 2009-November-04
Security risk: Moderate
Exploitable from: Remote
Vulnerability: Cross site request forgery

SA-CONTRIB-2009-089 - Storm - Access Bypass

By greggles on 28 Oct 2009 at 22:43 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-089
Project: Storm (third-party module)
Version: 6.x
Date: 2009-October-28
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Access Bypass

SA-CONTRIB-2009-088 - Workflow Multiple Cross Site Scripting Vulnerabilities

By greggles on 28 Oct 2009 at 22:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-088
Project: Workflow (third-party module)
Version: 6.x, 5.x
Date: 2009-October-28
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-087 - FAQ Ask - Multiple Vulnerabilities

By greggles on 28 Oct 2009 at 21:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-087
Project: FAQ Ask (third-party module)
Version: 6.x
Date: 2009 October 28
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple Vulnerabilities (XSS, CSRF, Open Redirect)

Pages

Subscribe with RSS