Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Camtasia Relay - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100

By Drupal Security Team on 29 Apr 2015 at 15:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-100
Project: Camtasia Relay (third-party module)
Version: 6.x, 7.x
Date: 2015-April-29
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:None/E:Exploit/TD:Default
Vulnerability: Cross Site Scripting

Node Template - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-099

By Drupal Security Team on 22 Apr 2015 at 15:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-099
Project: Node Template (third-party module)
Version: 6.x, 7.x
Date: 2015-April-22
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery

Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098

By Drupal Security Team on 22 Apr 2015 at 15:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-098
Project: Keyword Research (third-party module)
Version: 6.x
Date: 2015-April-22
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097

By Drupal Security Team on 22 Apr 2015 at 15:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-097
Project: HybridAuth Social Login (third-party module)
Version: 7.x
Date: 2015-April-22
Security risk: 9/25 ( Less Critical) AC:Basic/A:Admin/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure

Services - Critical - Multiple Vulnerabilites - SA-CONTRIB-2015-096

By Drupal Security Team on 15 Apr 2015 at 18:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-096
Project: Services (third-party module)
Version: 7.x
Date: 2015-April-15
Security risk: 16/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Arbitrary PHP code execution, Information disclosure

Display Suite - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-095

By Drupal Security Team on 15 Apr 2015 at 14:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-095
Project: Display Suite (third-party module)
Version: 7.x
Date: 2015-April-15
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094

By Drupal Security Team on 8 Apr 2015 at 15:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-094
Project: CiviCRM private report (third-party module)
Version: 6.x, 7.x
Date: 2015-April-08
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

User Import - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-093

By Drupal Security Team on 1 Apr 2015 at 17:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-093
Project: User Import (third-party module)
Version: 6.x, 7.x
Date: 2015-April-01
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Open Graph Importer - Moderately Critical - Access bypass - Unsupported - SA-CONTRIB-2015-092

By Drupal Security Team on 1 Apr 2015 at 16:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-092
Project: Open Graph Importer (third-party module)
Version: 7.x
Date: 2015-April-01
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Current Search Links - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-091

By Drupal Security Team on 1 Apr 2015 at 15:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-091
Project: Current Search Links (third-party module)
Version: 7.x
Date: 2015-April-01
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

Camtasia Relay - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100

Node Template - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-099

Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098

HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097

Services - Critical - Multiple Vulnerabilites - SA-CONTRIB-2015-096

Display Suite - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-095

CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094

User Import - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-093

Open Graph Importer - Moderately Critical - Access bypass - Unsupported - SA-CONTRIB-2015-092

Current Search Links - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-091

Pages

News items

Our community

Documentation

Drupal code base

Governance of community