Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2014-063 - Easy Breadcrumb - Cross Site Scripting (XSS)

By Drupal Security Team on 18 Jun 2014 at 13:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-063
Project: Easy Breadcrumb (third-party module)
Version: 7.x
Date: 2014-June-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-062 -Passsword Policy - Multiple vulnerabilities

By Drupal Security Team on 18 Jun 2014 at 12:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-062
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2014-June-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2014-061 - VideoWhisper Webcam Plugins - Cross Site Scripting (XSS) - Unsupported

By Drupal Security Team on 18 Jun 2014 at 12:54 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-061
Project: VideoWhisper Webcam Plugins (third-party module)
Version: 7.x
Date: 2014-June-18
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 11 Jun 2014 at 18:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-060
Project: - Petitions - (third-party distribution)
Version: 7.x
Date: 2014-June-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Jun 2014 at 15:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-059
Project: Touch (third-party module)
Version: 7.x
Date: 2014-June-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2014-058 - Webserver Auth - Access Bypass

By Drupal Security Team on 28 May 2014 at 14:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2014-058
Project: Webserver authentication (third-party module)
Version: 7.x
Date: 2014-May-28
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS