Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-059 - Autosave - Cross Site Request Forgery

By Drupal Security Team on 11 Apr 2012 at 19:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-059
Project: Autosave (third-party module)
Version: 6.x, 7.x
Date: 2012-April-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-058 - Fivestar - Input Validation

By Drupal Security Team on 11 Apr 2012 at 15:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-058
Project: Fivestar (third-party module)
Version: 6.x
Date: 2012-April-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Input Validation

SA-CONTRIB-2012-057 - Printer, email and PDF versions - Cross Site Scripting (XSS)

By Drupal Security Team on 4 Apr 2012 at 22:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-057
Project: Printer, email and PDF versions (third-party module)
Version: 6.x, 7.x
Date: 2012-April-04
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability

By Drupal Security Team on 4 Apr 2012 at 17:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-056
Project: Janrain Engage (formerly RPX) (third-party module)
Version: 6.x, 7.x
Date: 2012-April-04
Security risk: Less critical
Exploitable from: Not exploitable
Vulnerability: Sensitive Data Protection Vulnerability

SA-CONTRIB-2012-055 - Fusion theme - Cross Site Scripting (XSS)

By Drupal Security Team on 28 Mar 2012 at 20:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-055
Project: Fusion (third-party theme)
Version: 6.x
Date: 2012-March-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-054 - Chaos tool suite - Cross Site Scripting (XSS)

By Drupal Security Team on 28 Mar 2012 at 20:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-054
Project: Chaos tool suite (ctools) (third-party module)
Version: 7.x
Date: 2012-March-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS