5 matches found
SalesCloud - Critical - Unsupported - SA-CONTRIB-2017-008
This module Connects Drupal to SalesCloud's API, a Commerce Platform as a Service. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes. Versions affected All versions Drupal core is not affected. If you do not use th...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...
Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004
This module enables you to to display video, image, and audio files from various third party providers The module doesn't sufficiently sanitize path arguments under certain scenarios. This vulnerability is mitigated by the fact that an attacker must be able to trick an administrator into visiting...
Spotlight - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-142
The Spotlight module provides a tool that mimics Mac OS X Spotlight functionality. It provides faster access to content, paths and uploaded files. The module doesn't sufficiently sanitize node titles when displayed in results. This vulnerability is mitigated by the fact that an attacker must have...
SA-CONTRIB-2013-084 - FileField Sources - Access Bypass
This module expands on the FileField module by allowing you to select new or existing files through additional means, such as re-using files with an auto-complete textfield, attaching server-side files uploaded via FTP, transferring file files from a remote server, pasting a file directly from th...