D8 Editor File upload - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-059
This module enables you to upload files directly within the CKEditor and create a link to download the given file. The module doesn't sufficiently check the uploaded file extensions when the allowed extensions list is not the default one. This vulnerability is mitigated by the fact that an attack...
Workbench Moderation - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-060
This module enables you to create and manage custom editorial workflows around a site's content. The module could result in unpublished content being temporarily made visible via content lists, e.g. as generated by Views, when its editorial status was being changed, e.g. from "draft" to "needs...
Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050
Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...
Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020
This module enables you to organize and export configuration data. The module doesn't sufficiently protect the admin/structure/features/cleanup path with a token. If an attacker can trick an admin with the "manage features" permission to request a special URL, it could lead to clearing the cache...
Fieldable Panels Panes - Moderately Critical - Access Bypass - SA-CONTRIB-2016-014
This module enables you to create fieldable entities that have special integration with Panels. The module doesn't check access permissions on a file when it is attached to a field on a Fieldable Panels Panes entity that has been made private and where the file field is set to store files using t...
Node Notify - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-013
Node Notify is a lightweight module to allow subscription to comments on nodes for registered and anonymous users. The module doesn't sufficiently sanitize some user provided content, leading to a Cross Site Scripting vulnerability. Additionally, some paths were not protected against CSRF. An...
Nodejs - Access bypass - Moderately Critical - DRUPAL-SA-CONTRIB-2016-007
This module provides an API that other modules can use to add realtime capabilities to Drupal, specifically enabling pushing updates to open connected clients. The module doesn't disconnect unauthenticated sockets, allowing those sockets to receive broadcast messages. For sites that only serve...
CAS - Moderately Critical - Information Disclosure - DRUPAL-SA-CONTRIB-2016-005
This module enables you to use your Drupal site as a client or server for the single sign on protocol CAS. This vulnerability only affects sites that use the "CAS Server" sub module. The module doesn't allow an administrator to restrict which CAS clients are allowed to authenticate with the Drupal C...
RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002
The Redhen set of modules allows you to build CRM features in a Drupal site. When rendering individual Contacts, this module does not properly filter certain data prior to display. When rendering listings of notes or engagement scores, these modules do not properly filter certain data before...
Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166
This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and API usage, resulting in multiple potential weaknesses depending on module usage. The default encryption method could...
Monster Menus - Access Bypass - Moderately Critical - SA-CONTRIB-2015-163
Monster Menus is a hierarchical menu tree, which provides highly scalable, granular permissions for all pages within a site. The module includes an option to remove nodes from view and add them to a "recycle bin" rather than deleting them outright. When a node has been put into a bin using an affecte...
Quick Edit - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-137
This module enables you to edit entities' fields in place. The module doesn't sufficiently filter entity titles under the scenario where the user starts in-place editing an entity. The module also doesn't sufficiently filter node titles under the scenario where a node is displayed albeit only on...
Novalnet Payment Module Ubercart - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-116
This module enables you to add the Novalnet payment service provider to Ubercart. The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability. Since the affected path is not protected against CSRF, a malicious user can exploi...
Entityform Block - Moderately Critical - Access Bypass - SA-CONTRIB-2015-106
This module enables you to display an entityform as a block. The module doesn't sufficiently check permissions on the entityform under scenarios where the form is locked to a certain role. CVE identifiers issued CVE-2015-5493 Versions affected Entityform Block 7.x-1.x versions prior to 7.x-1.3...
Dynamic display block - Less Critical - Access bypass - SA-CONTRIB-2015-104
This module enables you to showcase featured content at a prominent place on the front page of the site in an attractive way. The module doesn't sufficiently protect access to content a user has no access to. In certain scenarios a user with the "administer ddblock" permission can see titles of...
Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098
Keyword Research module enables you to tag and prioritize keywords on a site and node level basis. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause another user with "kwresearch admin site keywords" permission to create, delete and set priorities to...
Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082
This module enables you to add navigation to your webpages colloquially referred to as "breadcrumbs". The module doesn't sufficiently sanitize custom HTML separators for breadcrumbs, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacke...
SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting (XSS)
Profile2 Privacy module enables you to show or hide parts of a profile2 entity based on pre-configured field sets with a title and description. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is...
SA-CONTRIB-2015-075 - Perfecto - Open Redirect
The Perfecto module allows themers to accurately calibrate the CSS by floating compositions over the page. The module doesn't sufficiently check user supplied URLs in parameters used for page redirection. An attacker could trick users into visiting malicious sites without realizing it. CVE identifiers...
SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)
SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...
SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The RESTWS Basic Auth submodule doesn't sufficiently disable page caching for authenticated requests thereby leaking potentially...
SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting (XSS) - Unsupported
The Node Access Product module provides 'Node access' settings for product nodes, whereby users who purchase the product are granted view access to content, which can be predefined either by taxonomy, by node, or by Views. The module doesn't sufficiently sanitize node titles leading to the...
SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
Commerce WeDeal module enables you to do Commerce payments through the payment provider WeDeal. The module doesn't sufficiently check a query parameter used for page redirection, thereby leading to an Open Redirect vulnerability. CVE identifiers issued CVE-2015-3393 Versions affected Commerce...
SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS)
The Freelinking module implements a filter framework for easier creation of HTML links to other pages on the site or to external sites. The module does not sanitize the node title when providing a link to the node, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated ...
SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting
The Addressfield Tokens module extends the Addressfield module by adding full token support. The module doesn't sufficiently filter malicious user input, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
The CKEditor module and its predecessor, the FCKeditor module, allow Drupal to replace textarea fields with CKEditor 3.x/4.x (FCKeditor 2.x in the case of the FCKeditor module), a visual HTML editor, sometimes called a WYSIWYG editor. Both modules define a function, called via an ajax request, that filters text...
SA-CONTRIB-2014-070 - Password Policy - Access Bypass
The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords. Access Bypass 7.x only Password Policy has a Password Change Tab submodule which provides a tab for a user to change their password. Password Policy also has a...
SA-CONTRIB-2014-054 - Views - Access Bypass
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module doesn't sufficiently check handler access when returning the list of handlers from viewplugindisplay::gethandlers. The...
SA-CONTRIB-2014-045 - Drupal Commons - Multiple Vulnerabilities
This SA contains two patches against Drupal Commons Views Bulk Operations Access Bypass Drupal commons comes with a view to moderate reported content, which is intended for authenticated users to view which content has been reported. Since it has hard coded VBO operations within the view, and...
SA-CONTRIB-2014-041 - Block Search - SQL Injection
Block Search module provides an alternative way of managing blocks. The module doesn't properly use Drupal's database API resulting in user-provided strings being passed directly to the database allowing SQL Injection. This vulnerability is mitigated by the fact that an attacker must either use a...
SA-CONTRIB-2014-035 - CAS Server - Access Bypass
The casserver module of the CAS project implements the CAS 1.0 and 2.0 specifications for providing single sign-on to relying party web applications (the "service" in the CAS specs). The CAS server creates single-use tickets when serving a user's login request, which are subsequently deleted when the...
SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
The SexyBookmarks module is a port of the WordPress SexyBookmarks plug-in. The module adds social bookmarking using the Shareaholic service. The module discloses the private files location when Drupal 6 is configured to use private files. This vulnerability is mitigated by the fact that only site...
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the...
SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass
This CTools module provides a set of APIs and tools to improve the developer experience. The module doesn't sufficiently enforce node access when providing an autocomplete list of suggested node titles, allowing users with the "access content" permission to see the titles of nodes which they shou...
SA-CONTRIB-2013-019 - Ubercart Views - Cross site scripting (XSS)
Ubercart Views provides Views integration for the Ubercart shopping cart module. The "full name" field in Views is not properly sanitized on output. The vulnerability is mitigated by the fact that an attacker must get far enough in the checkout process to store their name with an order. CVE...
SA-CONTRIB-2012-145 - Imagemenu - Cross Site Scripting (XSS)
Imagemenu module allows you to create Drupal menus from image files. The module doesn't sufficiently escape image file names when rendering menus, allowing a potential XSS attack. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
SA-CONTRIB-2012-041 - Fancy Slide - Cross Site Scripting (XSS)
CVE: CVE-2012-2068 This module enables you to create slideshow blocks to embed into templates. The module doesn't sufficiently filter user supplied text. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fancyslide". Versions affected...
SA-CONTRIB-2012-034 - Node Recommendation Cross Site Scripting (XSS)
CVE: CVE-2012-1659 This module shows users other nodes that they might be interested in based on a simple logic and using taxonomy. The aim of this module is to provide sensible defaults and an easy configuration for less-technical users and to allow it to be manually overridden. The module doesn'...
SA-CONTRIB-2012-007 - Password Policy - Multiple vulnerabilities
This module enables you to specify a certain level of password complexity, a.k.a. "password hardening", for user passwords on a system by defining a policy. Cross Site Request Forgery CSRF CVE: CVE-2012-1633 Unblocking a user does not require sufficient confirmation by administrative users and can be...
SA-CONTRIB-2011-059 - Meta tags quick - Cross Site Scripting (XSS)
The Meta tags quick module provides a simple tool to add meta tags to a site. The module doesn't consistently filter user input which could lead to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
SA-CONTRIB-2011-056 - Webform Validation Cross Site Scripting
The Webform Validation module enables you to add form validation rules to Webform components through a UI. The module contains multiple cross site scripting XSS vulnerabilities due to the fact that it fails to sanitize certain user entered text prior to displaying in the browser. This vulnerabili...
SA-CONTRIB-2011-029 - Taxonomy Filter - Cross Site Scripting
The Taxonomy Filter module enables users to filter taxonomy listings to find content tagged by multiple terms. Older versions of the module were susceptible to a Cross Site Scripting XSS attack by way of vocabulary names. The vulnerability was mitigated by the fact that an attacker must have a ro...
SA-CONTRIB-2011-011 - Secure Pages - Open redirect
The Secure Pages module allows administrators to choose certain URLs that must be delivered over HTTPS. An open redirection bug allows an attacker to formulate a URL in a way that redirects the user to an arbitrarily provided URL. Versions affected Secure Pages module for Drupal 6.x versions prio...
SA-CONTRIB-2010-100 - Ubuntu Drupal Theme - Directory traversal and information disclosure
This Ubuntu Drupal Theme - Brown is designed to mimic the old ubuntu.com. The theme used a PHP file to generate a gradient image on the fly. User input from the URL is not properly validated in this PHP code, leading to a directory traversal vulnerability where the contents of any file readable b...
SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities
The Domain Access module suite allows users to maintain content shared across multiple domains running from a single Drupal installation. In several instances, the module does not sanitize the user-supplied domain name before displaying it, leading to a Cross-Site Scripting XSS vulnerability that...
SA-CONTRIB-2010-088 - Content Construction Kit (CCK) - Access Bypass
The Content Construction Kit CCK project is a set of modules that allows you to add custom fields to nodes using a web browser. The CCK "Node Reference" module provides a backend URL that is used for asynchronous requests by the "autocomplete" widget to locate nodes the user can reference. In som...
SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution
The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: reuse of existing files through an autocomplete textfield or IMCE, or transferring files directly from remote servers. The module does not sanitiz...
SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass
Ogone | Ubercart payment is a payment module for Ubercart that integrates Ogone PSP gateway as a checkout method for Ubercart. The module does not always correctly verify the order status returned by the Ogone gateway, potentially allowing unpaid orders to be processed. Versions affected Ogone |...
SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities
The AddonChat module provides Drupal integration with the AddonChat Java chat room. Due to unsafe handling of the global $user object, failed authentication at the custom addonchatauth.php script will log in an attacker as the chosen user. Additionally, several configuration variables are not...
SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting
The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting XSS attack may lead to a malicious user...