Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CORE-2009-006 - Drupal core - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-006
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-May-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-028 - Feed Block - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-028
  • Project: Feed Block (third-party module)
  • Version: 6.x
  • Date: 2009-May-13
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2009-027 - Printer, e-mail and PDF versions - Cross-site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-027
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009-May-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-026 - LoginToboggan - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-026
  • Project: LoginToboggan (third-party module)
  • Version: 6.x
  • Date: 2009-May-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CORE-2009-005 - Drupal core - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2009-005
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-025
  • Project: Fivestar (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site request forgery
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-023 - News Page - SQL injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-023
  • Project: News Page
  • Versions: 5.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection
Categories: Drupal 5.x

SA-CONTRIB-2009-022 - Exif - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-022
  • Project: Exif (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting

Description

The Exif module enables users to display EXIF tags in images on the site.

SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-024
  • Project: Node Access User Reference (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Description

SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-021
  • Project: CCK comment reference (third-party module)
  • Version: 6.x
  • Date: 2009 April 15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)
Categories: Drupal 6.x

Pages

Subscribe with RSS Subscribe to Security advisories