SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-057
  • Project: Rotor Banner (third-party module)
  • Versions: 6.x-2.x, 5.x-1.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-056
  • Project: User Queue (third-party module)
  • Versions: 6.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2010-055 - Simplenews - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-055
  • Project: Simplenews (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2010-054 - Storm - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-054
  • Project: Storm (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting (XSS)
Categories: Drupal 6.x

SA-CONTRIB-2010-053 - External Link Page - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-053
  • Project: External Link Page (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2010-052 - Multiple vulnerabilities in multiple contributed modules

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-052
  • Projects: Multiple third party modules - Privatemsg, Weather Underground, Tellafriend, Menu Block Split, osCommerce, Download Count, Comment Page, False Account Detector, User Queue
  • Version: 5.x, 6.x
  • Date: 2010-05-19
  • Security risks: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Cross-site Request Forgery, Cross-site scripting, Email header injection, SQL Injection)
Categories: Drupal 5.x, Drupal 6.x

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for contributed projects