Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting (XSS)

By Drupal Security Team on 18 Mar 2015 at 19:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-080
Project: Profile2 Privacy (third-party module)
Version: 7.x
Date: 2015-March-18
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

By Drupal Security Team on 18 Mar 2015 at 18:04 UTC

Advisory ID: DRUPAL-SA-CORE-2015-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-March-18
Security risk: 14/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Open Redirect, Multiple vulnerabilities

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

By Drupal Security Team on 18 Mar 2015 at 16:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-079
Project: Chaos tool suite (ctools) (third-party module)
Version: 6.x, 7.x
Date: 2015-March-18
Security risk: 13/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass, Open Redirect

SA-CONTRIB-2015-078 - Webform - Cross Site Scripting (XSS)

By Drupal Security Team on 18 Mar 2015 at 16:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-078
Project: Webform (third-party module)
Version: 6.x, 7.x
Date: 2015-March-18
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Mar 2015 at 17:38 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-077
Project: OG tabs (third-party module)
Version: 7.x
Date: 2015-March-11
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Mar 2015 at 16:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-076
Project: Image Title (third-party module)
Version: 7.x
Date: 2015-March-11
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-075 - Perfecto - Open Redirect

By Drupal Security Team on 11 Mar 2015 at 16:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-075
Project: Perfecto (third-party module)
Version: 7.x
Date: 2015-March-11
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Open Redirect

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Mar 2015 at 16:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-074
Project: Site Documentation (third-party module)
Version: 6.x
Date: 2015-March-11
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting (XSS)

By Drupal Security Team on 4 Mar 2015 at 18:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-073
Project: Trick Question (third-party module)
Version: 6.x, 7.x
Date: 2015-March-04
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass

By Drupal Security Team on 4 Mar 2015 at 17:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-072
Project: Commerce Ogone (third-party module)
Version: 7.x
Date: 2015-March-04
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

Pages

Subscribe with RSS

SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting (XSS)

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001

SA-CONTRIB-2015-079 - Chaos tool suite (ctools) - Multiple vulnerabilities

SA-CONTRIB-2015-078 - Webform - Cross Site Scripting (XSS)

SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS)

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS)

SA-CONTRIB-2015-075 - Perfecto - Open Redirect

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)

SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting (XSS)

SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass

Pages

News items

Our community

Documentation

Drupal code base

Governance of community