Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

OpenLucius - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-004

By Drupal Security Team on 11 Jan 2017 at 16:23 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-004
Project: OpenLucius (third-party distribution)
Version: 7.x
Date: 2017-January-11
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

Autocomplete Deluxe - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-003

By Drupal Security Team on 11 Jan 2017 at 15:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-003
Project: Autocomplete Deluxe (third-party module)
Version: 7.x
Date: 2017-January-11
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002

By Drupal Security Team on 4 Jan 2017 at 19:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-002
Project: Doubleclick for Publishers (DFP) (third-party module)
Version: 7.x
Date: 2017-January-04
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:All
Vulnerability: Cross Site Scripting

Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001

By Drupal Security Team on 4 Jan 2017 at 18:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-001
Project: Permissions by Term (third-party module)
Version: 8.x
Date: 2017-January-04
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass, Information Disclosure

High-performance JavaScript callback handler - Highly Critical - Multiple vulnerabilities - SA-CONTRIB-2016-063

By Drupal Security Team on 7 Dec 2016 at 17:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-063
Project: High-performance JavaScript callback handler (third-party module)
Version: 7.x
Date: 2016-December-07
Security risk: 22/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery, Open Redirect, Multiple vulnerabilities

Elysia Cron - Critical - Arbitrary PHP code execution - SA-CONTRIB-2016-062

By Drupal Security Team on 30 Nov 2016 at 19:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-062
Project: Elysia Cron (third-party module)
Version: 7.x
Date: 2016-November-30
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS