Contrib security advisories
SA-CONTRIB-2010-026 - Monthly Archive by Node Type - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2010-026
- Project: Monthly Archive by Node Type (third-party module)
- Version: 6.x (all branches)
- Date: 2010-March-10
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Access Bypass
Categories: Security
SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2010-025
- Project: TinyMCE (third-party module)
- Version: 5.x
- Date: 2010-March-09
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-024 - eTracker - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-024
- Project: eTracker (third-party module)
- Version: 6.x-1.1
- Date: 2010-March-03
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-023
- Project: Workflow (third-party module)
- Version: 6.x, 5.x
- Date: 2010-March-03
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-022 - Internationalization - Arbitrary code execution
- Advisory ID: DRUPAL-SA-CONTRIB-2010-022
- Project: Internationalization (third-party module)
- Version: 6.x-1.x 5.x-2.x
- Date: 2010-March-03
- Security risk: Highly Critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Security
SA-CONTRIB-2010-021 - AddThis Button - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-021
- Project: AddThis Button (third-party module)
- Version: 6.x, 5.x
- Date: 2010-March-03
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-020 - Facebook-style Statuses (Microblog) - Access bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2010-020
- Project: Facebook-style Statuses (Microblog) (third-party module)
- Version: 6.x-2.x
- Date: 2010-February-24
- Security risk: Not Critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Categories: Security
SA-CONTRIB-2010-019 - Weekly Archive by Node Type - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2010-019
- Project: Weekly Archive by Node Type (third-party module)
- Version: 6.x-2.x
- Date: 2010-February-24
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Access Bypass
Categories: Security
SA-CONTRIB-2010-018 - Content Distribution - Multiple Vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2010-018
- Project: Content Distribution (third-party module)
- Version: 6.x
- Date: 2010 February 17
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Mulitple Vulnerabilities
Categories: Security
SA-CONTRIB-2010-017 - iTweak Upload - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-017
- Project: iTweak Upload (third-party module)
- Version: 6.x
- Date: 2010 February 17
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-016 - Graphviz Filter - arbitrary code execution
- Advisory ID: DRUPAL-SA-CONTRIB-2010-016
- Project: Graphviz Filter (third-party module)
- Version: 6.x, 5.x
- Date: 2010 February 10
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Security
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
- Advisory ID: DRUPAL-SA-CONTRIB-2010-015
- Project: Signwriter (third-party module)
- Version: 5.x, 6.x
- Date: 2010-February-3
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Security
SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution
- Advisory ID: DRUPAL-SA-CONTRIB-2010-014
- Project: Node Export (third-party module)
- Version: 5.x, 6.x
- Date: 2010-February-3
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Security
SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-013
- Project: Menu Breadcrumb (third-party module)
- Version: 6.x
- Date: 2010-February-03
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)
- Advisory ID: DRUPAL-SA-CONTRIB-2010-012
- Project: ODF Import (third-party module)
- Version: 6.x-1.0
- Date: 2010-February-3
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-011
- Project: Feedback (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-27
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-010 - Author Contact - Cross site scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-010
- Project: Author Contact (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-27
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-009 - Block Class - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-009
- Project: Block Class (third-party module)
- Version: 6.x-1.2, 5.x-1.1
- Date: 2010-January-20
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-008
- Project: Recent Comments (third-party module)
- Version: 6.x-1.0, 5.x-1.2
- Date: 2010-January-20
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
SA-CONTRIB-2010-007 - Control Panel - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-007
- Project: Control Panel (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-20
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Security
