Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-042 - Wishlist Cross Site Scripting (XSS)

By Drupal Security Team on 21 Mar 2012 at 15:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-042
Project: Wishlist Module (third-party module)
Version: 6.x, 7.x
Date: 2012-March-21
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-041 - Fancy Slide - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 21:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-041
Project: Fancy Slide (third-party module)
Version: 6.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-040 - CKEditor and FCKeditor - multiple XSS, arbitrary code execution

By Drupal Security Team on 14 Mar 2012 at 18:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-040
Project: CKEditor, FCKeditor - WYSIWYG HTML editor (third-party module)
Version: 6.x, 7.x
Date: 2012-March-14
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery, Arbitrary PHP code execution

SA-CONTRIB-2012-039 - Language Icons - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 17:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-039
Project: Language icons (third-party module)
Version: 6.x, 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-038 - Views Language Switcher Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 17:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-038
Project: Views Language Switcher (third-party module)
Version: 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-037 - Slidebox - access bypass

By Drupal Security Team on 14 Mar 2012 at 16:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-037
Project: Slidebox (third-party module)
Version: 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-036 - Multiple Modules Unsupported

By Drupal Security Team on 14 Mar 2012 at 13:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-036
Projects: Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, Redirecting click bouncer (third-party modules)
Version: 6.x
Version: 7.x
Date: 2012-March-14
Security risk: Critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-035 - Webform Cross Site Scripting (XSS)

By Drupal Security Team on 7 Mar 2012 at 20:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-035
Project: Webform (third-party module)
Version: 6.x, 7.x
Date: 2012-March-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-034 - Node Recommendation Cross Site Scripting (XSS)

By Drupal Security Team on 7 Mar 2012 at 16:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-034
Project: Node Recommendation (third-party module)
Version: 6.x
Date: 2012-March-7
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

localizations - Cross Site Scripting - PSA-2012-001

Date:

2012-March-07

Advisory ID: DRUPAL-PSA-2012-001
Version: 6.x, 7.x
Date: 2012-March-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS