Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090

By Drupal Security Team on 1 Apr 2015 at 14:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-090
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2015-April-01
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089

By Drupal Security Team on 1 Apr 2015 at 14:48 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-089
Project: EntityBulkDelete (third-party module)
Version: 7.x
Date: 2015-April-01
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Imagefield Info - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-088

By Drupal Security Team on 1 Apr 2015 at 14:43 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-088
Project: Imagefield Info (third-party module)
Version: 7.x
Date: 2015-April-01
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-087

By Drupal Security Team on 25 Mar 2015 at 16:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-087
Project: Ubercart Webform Checkout Pane (third-party module)
Version: 6.x, 7.x
Date: 2015-March-25
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Decisions - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-086

By Drupal Security Team on 25 Mar 2015 at 16:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-086
Project: Decisions (third-party module)
Version: 6.x
Date: 2015-March-25
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Invoice - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-085

By Drupal Security Team on 25 Mar 2015 at 16:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-085
Project: Invoice (third-party module)
Version: 6.x, 7.x
Date: 2015-March-25
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

Linear Case - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-084

By Drupal Security Team on 25 Mar 2015 at 16:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-084
Project: Linear Case (third-party module)
Version: 6.x
Date: 2015-March-25
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083

By Drupal Security Team on 25 Mar 2015 at 16:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-083
Project: Webform Multiple File Upload (third-party module)
Version: 6.x, 7.x
Date: 2015-March-25
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082

By Drupal Security Team on 25 Mar 2015 at 15:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-082
Project: Crumbs (third-party module)
Version: 7.x
Date: 2015-March-25
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081

By Drupal Security Team on 25 Mar 2015 at 15:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-081
Project: Petition (third-party module)
Version: 6.x
Date: 2015-March-25
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090

EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089

Imagefield Info - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-088

Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-087

Decisions - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-086

Invoice - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-085

Linear Case - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-084

Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083

Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082

Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081

Pages

News items

Our community

Documentation

Drupal code base

Governance of community