Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass

By Drupal Security Team on 15 Oct 2014 at 16:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-099
Project: Open Atrium (third-party module)
Version: 7.x
Date: 2014-10-15
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)

By Drupal Security Team on 15 Oct 2014 at 12:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-098
Project: CKEditor - WYSIWYG HTML editor (third-party module)
Version: 6.x, 7.x
Date: 2014-October-15
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-097 - nodeaccess - Access Bypass

By Drupal Security Team on 8 Oct 2014 at 13:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-097
Project: Nodeaccess (third-party module)
Version: 6.x, 7.x
Date: 2014-October-08
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Uncommon
Vulnerability: Access bypass

SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)

By Drupal Security Team on 8 Oct 2014 at 13:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-096
Project: OAuth2 Client (third-party module)
Version: 7.x
Date: 2014-October-08
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-095 - Safeword - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Sep 2014 at 19:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-095
Project: Safeword (third-party module)
Version: 7.x
Date: 2014-September-23
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Sep 2014 at 19:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-094
Project: Webform Patched (third-party module)
Version: 6.x, 7.x
Date: 2014-September-24
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS