Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Jan 2015 at 19:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-021
Project: Content Analysis (third-party module)
Version: 6.x
Date: 2015-January-14
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 14 Jan 2015 at 18:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-020
Project: Contact form fields (third-party module)
Version: 6.x
Date: 2015-January-14
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect

By Drupal Security Team on 14 Jan 2015 at 18:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-019
Project: Ubercart Currency Conversion (third-party module)
Version: 6.x
Date: 2015-January-14
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Open Redirect

SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Jan 2015 at 17:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-018
Project: Video (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Jan 2015 at 17:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-017
Project: Room Reservations (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-016 - Tadaa! - Multiple vulnerabilities

By Drupal Security Team on 14 Jan 2015 at 17:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-016
Project: Tadaa! (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery, Open Redirect

SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Jan 2015 at 17:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-015
Project: Term merge (third-party module)
Version: 7.x
Date: 2015-January-14
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2015-014 - Wishlist - Multiple vulnerabilities

By Drupal Security Team on 14 Jan 2015 at 17:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-014
Project: Wishlist Module (third-party module)
Version: 6.x, 7.x
Date: 2015-January-14
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 7 Jan 2015 at 19:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-010
Project: Log Watcher (third-party module)
Version: 6.x
Date: 2015-January-07
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS)

By Drupal Security Team on 7 Jan 2015 at 18:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-013
Project: Field Display Label (third-party module)
Version: 7.x
Date: 2015-January-07
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)

SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)

SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect

SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)

SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS)

SA-CONTRIB-2015-016 - Tadaa! - Multiple vulnerabilities

SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)

SA-CONTRIB-2015-014 - Wishlist - Multiple vulnerabilities

SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)

SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS)

Pages

News items

Our community

Documentation

Drupal code base

Governance of community