Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-020 - Print - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-020
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-April-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-019 - Localization client - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-019
  • Project: Localization client (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009-April-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-018 - Feed element mapper - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-018
  • Project: Feed element mapper (third-party module)
  • Version: 5.x
  • Date: 2009-March-26
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-017 - Vote Up/Down - Cross-site request forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-017
  • Project: Vote Up/Down (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-March-25
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site request forgery

SA-CONTRIB-2009-016 - Wikitools - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-016
  • Project: Wikitools (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-March-25
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting

SA-CONTRIB-2009-015 - Tokenauth - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-015
  • Project: Token authentication (third-party module)
  • Version: 6.x
  • Date: 2009-March-25
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2009-014 - CCK Field Privacy - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-014
  • Project: CCK Field Privacy
  • Version: 6.x
  • Date: 2009-March-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2009-013 CCK - Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-013
  • Project: Content Construction Kit (third-party module)
  • Version: 6.x
  • Date: 2009 March 18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)
Categories: Drupal 6.x

SA-CONTRIB-2009-012 - Printer, e-mail and PDF versions - Unrestricted e-mailing (spam)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-012
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009 March 18
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Unrestricted e-mailing (spam)
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-011 Tasklist - SQL injection and Cross site scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-011
  • Project: Tasklist (third-party module)
  • Version: 5.x
  • Date: 2009 March 18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection and Cross-site scripting (XSS)
Categories: Drupal 5.x

Pages

Subscribe with RSS Subscribe to Security advisories