Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-082 - Bean - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Oct 2013 at 18:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-082
Project: Bean (third-party module)
Version: 7.x
Date: 2013-10-23
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-081 - Spaces - Access bypass

By Drupal Security Team on 23 Oct 2013 at 16:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-081
Project: Spaces (third-party module)
Version: 6.x
Date: 2013-10-23
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)

By Drupal Security Team on 16 Oct 2013 at 18:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-080
Project: Simplenews (third-party module)
Version: 6.x, 7.x
Date: 2013-Month-DD
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

By Drupal Security Team on 16 Oct 2013 at 15:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-079
Project: Context (third-party module)
Version: 6.x, 7.x
Date: 2013-2013-16
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass, Arbitrary PHP code execution

SA-CONTRIB-2013-078 - Quick Tabs - Access Bypass

By Drupal Security Team on 2 Oct 2013 at 17:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-078
Project: Quick Tabs (third-party module)
Version: 6.x, 7.x
Date: 2013-October-02
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-077 - Google Site Search - Cross Site Scripting (XSS)

By Drupal Security Team on 18 Sep 2013 at 18:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-077
Project: Google Site Search (third-party module)
Version: 6.x, 7.x
Date: 2013-September-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Sep 2013 at 21:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-076
Project: jQuery Countdown (third-party module)
Version: 7.x
Date: 2013-September-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)

By Drupal Security Team on 11 Sep 2013 at 20:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-075
Project: Click2Sell Suite (third-party module)
Version: 6.x
Date: 2013-September-11
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Sep 2013 at 20:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-074
Project: MediaFront (third-party module)
Version: 6.x, 7.x
Date: 2013-September-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Drupal core - Users can insert hidden text and links - PSA-2013-001

Date:

2013-September-04

Advisory ID: PSA-2013-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-September-04
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Information Disclosure

Pages

Subscribe with RSS