Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-041 - Fancy Slide - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 21:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-041
Project: Fancy Slide (third-party module)
Version: 6.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-040 - CKEditor and FCKeditor - multiple XSS, arbitrary code execution

By Drupal Security Team on 14 Mar 2012 at 18:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-040
Project: CKEditor, FCKeditor - WYSIWYG HTML editor (third-party module)
Version: 6.x, 7.x
Date: 2012-March-14
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery, Arbitrary PHP code execution

SA-CONTRIB-2012-039 - Language Icons - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 17:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-039
Project: Language icons (third-party module)
Version: 6.x, 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-038 - Views Language Switcher Cross Site Scripting (XSS)

By Drupal Security Team on 14 Mar 2012 at 17:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-038
Project: Views Language Switcher (third-party module)
Version: 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-037 - Slidebox - access bypass

By Drupal Security Team on 14 Mar 2012 at 16:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-037
Project: Slidebox (third-party module)
Version: 7.x
Date: 2012-March-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-036 - Multiple Modules Unsupported

By Drupal Security Team on 14 Mar 2012 at 13:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-036
Projects: Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, Redirecting click bouncer (third-party modules)
Version: 6.x
Version: 7.x
Date: 2012-March-14
Security risk: Critical
Exploitable from: Remote
Vulnerability: Information Disclosure

Pages

Subscribe with RSS