1940 matches found
SA-2008-055 - Stock - Cross site scripting
The stock module provides the ability to query price quotes and trading volumes from various stock markets. An oversight in the menu permissions code allows any user to change the text of the heading at the top of the stock quotes page. As this text is not escaped, it is safe only for an...
SA-2008-056 - Simplenews - Cross site scripting
Simplenews publishes and sends newsletters to lists of subscribers. Newsletter categories are not always properly escaped. This allows users with the "administer taxonomy" permission to add arbitrary HTML and script code to the site. Wikipedia has more information about such cross site scripting...
SA-2008-049 - Talk - Multiple vulnerabilities
The Talk module for Drupal 5.x and 6.x creates a "Talk" tab for nodes in which the comments belonging to the node are displayed. Two vulnerabilities and weaknesses were discovered in the contributed Talk module. Cross site scripting The node title is treated as if it was safe text, and is not...
SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities
The Taxonomy Autotagger will automatically tag a post with terms from a vocabulary if the terms are found in the content of the post. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with th...
SA-2008-042 - Tinytax - Cross site scripting
The Tinytax taxonomy block displays a vocabulary as a tree within a block. The module displays certain values without appropriate filtering. Malicious users with the permission to create taxonomy terms are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cro...
SA-2008-034 - Node Hierarchy - Access bypass
The contributed module Node Hierarchy allows nodes to be children of other nodes creating a tree-like hierarchy of content. Due to incorrectly implemented access checks, any user with the "access content" permission is able to rearrange the hierarchy. No private data is exposed, and no content ca...
SA-2008-027 - Ubercart - Cross site scripting
When certain product features were being edited, node titles were being printed to the screen as entered by the user. If a store owner had granted product creation rights to a non-secure user, this would provide an opportunity for a malicious user to perform a cross site scripting attack when...
SA-2008-023 - Ubercart - Cross site scripting
During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...
SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0
The OpenID module has a vulnerability which allows OpenID version 2.0 positive assertions that are not properly verified to return an invalid or impersonated claimedid. To exploit this vulnerability an attacker could set up an OpenID provider, example1.com, that claimed to be the authority for...
SA-2008-014 - Userpoints - Cross site request forgery
Userpoints is a system for keeping track of points earned on a site. It can be used to reward users for contributions to a community and also for ecommerce transactions. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to...
SA-2007-033 - Feature - CSRF
Feature is a contributed module that lets you organize and maintain a feature list by category. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicous site can cause a user to unintentionally submit a form to a site where he is authenticated. The feature deletio...
Project issue tracking - Access bypass
If a remote user knows the node identifier of an issue that has been marked private using a node access module simpleaccess, nodeprivacybyrole, etc, they can use a specially crafted URL to view the contents of the node, regardless of their own privileges. All that is required is the "access proje...
Image pager - Cross site scripting
The Image Pager module uses JavaScript to collect selected images from a page and display them one at a time in a block with previous/next pager links. HTML entities are decoded by the DOM functions used by Image Pager before being reinserted into the web page for display. As a result, a maliciou...
Help Tip - Multiple vulnerabilities
The contributed module Help Tip bypasses Drupal's database API and uses user-supplied data unescaped in queries, allowing malicious users to execute SQL injection attacks. These attacks may lead to administrator access. Node titles are not properly sanitised before being used in block titles. Thi...
Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048
The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...
Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a vector that can be used to achieve remote code execution or SQL injection if the application...
Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery. The URL discovery code could be leveraged to trick Drupal into making server-side requests to any URL...
Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117
This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...
Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...
Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107
This module integrates Plausible Analytics on a site. The module did not properly filter output in certain cases. This vulnerability is mitigated by the fact that an attacker must have permission to add raw HTML to the website, such as an unfiltered WYSIWYG field on a public-facing comment...
Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...
GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078
GLightbox module is a pure Javascript lightbox for CKEditor. The module doesn't sufficiently filter user-supplied text for the GLightbox Javascript library leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
The module enables you to add second-factor authentication in addition to the default Drupal login. The module does not sufficiently ensure that known login routes are protected. This vulnerability is mitigated by the fact that an attacker must obtain the user's username and password...
Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery CSRF attacks...
Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...
baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034
The baguetteBox.js module provides integration with baguetteBox.js library. The module doesn't sufficiently sanitize user-supplied text values leading to a cross site scripting vulnerability...
Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041
The Smart IP Ban module enables a site to automatically ban an IP address based upon too many failed authentications. The module doesn't sufficiently protect access to certain paths provided by the module allowing a malicious user to view and modify the settings...
Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039
This module provides Drupal with various security-hardening options, for example by emitting various configurable HTTP response headers. The module doesn't sufficiently validate input in Content Security Policy CSP violation reports. This can cause errors when a logging module e.g. dblog or syslo...
Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035
This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle. The module doesn't properly check the user access to the original entity, allowing users to create a new entity they have permission to create...
Swift Mailer (abandoned) - Moderately critical - Access bypass - SA-CONTRIB-2024-006
The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides. The module could allow an attacker...
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers user can view API keys for their respective Apps. The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for...
Modal - Moderately critical - Access bypass - SA-CONTRIB-2019-094
This project enables administrators to create modal dialogs. The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations...
Make Meeting Scheduler - Critical - Unsupported - SA-CONTRIB-2019-087
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466procedure---own-project---unsupported...
Rabbit Hole - Moderately critical - Access bypass - SA-CONTRIB-2019-029
The Rabbit Hole module allows administrators to control what should happen when a regular user tries to view an entity at its own page; for example, it may deliver a 403 Access Denied or 404 Page Not Found response, or redirect the user to another path. The module doesn't respect the Rabbit Hole...
Responsive Menus - Moderately critical - Cross site scripting - SA-CONTRIB-2018-079
This module enables you to collapse your sites main menu on mobile, and show a menu toggle button. The module doesn't sufficiently sanitize configuration settings provided by users which leads to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacke...
HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069
The HTML Mail module lets you theme your messages the same way you theme the rest of your website. When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. This issue is related to the Drupal Core release SA-CORE-2018-006...
Sagepay - Critical - Access Bypass - SA-CONTRIB-2018-005
This module integrates the Sagepay payment service. Some of the URLs used while processing the payment are not sufficiently secured. This might allow attackers to resume a previously failed payment attempt or to view content that should only be shown after a succesful payment. This affects all...
Cloud - Critical - CSRF - SA-CONTRIB-2017-086
This module enables sites to manage public clouds like Amazon EC2 and also private clouds like OpenStack. The module doesn't sufficiently protect the deletion of audit reports, thereby exposing a cross-site request vulnerability which can be exploited by unprivileged users to trick an administrat...
LDAP - Critical - Data Injection - SA-CONTRIB-2017-052
The LDAP module does not sanitize user input correctly in several cases, allowing a user to modify parameters without restriction and inject data. If the site administrator chooses to hide the email or password from the user form instead of showing or disabling it under "Authorization", these...
Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046
The Hosting module is a core component of the Aegir Hosting System. This install profile, and accompanying suite of modules, is a hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites. The Hosting module does not sufficiently control access to any cust...
Open Atrium Notifications - Less Critical - Information Disclosure - SA-CONTRIB-2016-026
Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content. When combined with the Open Atrium Mailhandler app, incoming email replies to...
Search API - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-022
This module enables you to build searches using a wide range of features, data sources and backends. Search index not updated by node access changes The module doesn't sufficiently re-index nodes when using the "Node access" or "Access check" data alterations and non-standard ways of changing nod...
Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017
The Login one time module provides the ability to email one-time login links to users. The module doesn't sufficiently sanitize user input supplied to an ajax callback function. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Security...
SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting (XSS)
The Trick Question is a CAPTCHA-type spam prevention module; a lightweight, compact and simple alternative to larger and more complex modules. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. The vulnerability is...
SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
This module enables you to associate menus with Organic Groups OG. It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity form, etc. The module doesn't sufficiently check the menu parameters passed...
SA-CONTRIB-2014-089 - Geofield Yandex Maps - Cross Site Scripting (XSS)
The Geofield Yandex Maps module provides a Geofield widget, Geofield formatter, Views handler, Form element and Text filter to allow Yandex maps to be added to a site. The module does not sufficiently filter user-supplied text, resulting in a persistent Cross Site Scripting XSS vulnerability. The...
SA-CONTRIB-2014-028 - Masquerade - Access bypass
This module allows a user with the right permissions to switch users. When a user has been limited to only masquerading as certain users via the "Enter the users this user is able to masquerade as" user profile field, they can still masquerade as any user on the site by using the "Enter the...