1940 matches found
Menu Views - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-055
This module enables users to create menu items that render views instead of links. This is useful for creating "mega-menus". The module doesn't sufficiently filter title and breadcrumb fields for possible cross-site scripting. This vulnerability is mitigated by the fact that an attacker must have...
Workbench Moderation - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-060
This module enables you to create and manage custom editorial workflows around a site's content. The module could result in unpublished content being temporarily made visible via content lists, e.g. as generated by Views, when its editorial status was being changed, e.g. from "draft" to "needs...
Like/Dislike - Critical - Cross Site Request Forgery - SA-CONTRIB-2016-056
Cross Site Request Forgery Like/Dislike module can be used to Like and Dislike actions on any content. It is powered by Drupal field concept. The module does not verify user intent on like/dislike links thereby exposing a Cross Site Request Forgery CSRF vulnerability. CVE identifiers issued ACVE...
Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054
This module enables you to run NCBI BLAST jobs on the host system. The module doesn't sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be executed when the BLAST job is run. This...
Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053
This module provides a user interface to create and configure forms called Webforms. When using forms with private file uploads, Webform wasn't explicitly denying access to files it managed which could allow access to be granted by other modules. The vulnerability is mitigated by the fact that...
Elysia Cron - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-052
This module enables you to manage cron jobs. The module doesn't sufficiently sanitize the cron rules which are entered into "Predefined rules" field thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...
Flag Lists - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-051
This module enables regular users to create unlimited private flags called lists. The flaglists module doesn't sufficiently filter the output when applying token strings to flaglists links leading to a persistent Cross Site Scripting XSS attack. This vulnerability is mitigated by the fact that an...
Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050
Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...
Workbench Scheduler - Moderately Critical - Access Bypass - SA-CONTRIB-2016-049
Workbench Scheduler module provides users with the ability to create schedules that change moderated content from one workbench moderation state to another. An authenticated user could add a schedule to a node even when that content type has schedules disabled. The vulnerability is mitigated by t...
Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046
The Hosting module is a core component of the Aegir Hosting System. This install profile, and accompanying suite of modules, is a hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites. The Hosting module does not sufficiently control access to any cust...
Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047
Panels does not check access on some routes Critical Panels allows users with certain permissions to modify the layout and panel panes on pages or entities utilizing panels. Much of the functionality to modify these panels rely on backend routes that call administrative forms. These forms did not...
Piwik - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-043
This module enables you to add integration with Piwik statistics service. The module allows admin users to enter custom JavaScript snippets to add advanced tracking functionality. The permission required to enter this JavaScript was not marked as restricted. This vulnerability is mitigated by the...
Require Login - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2016-045
This module enables you to restrict site access without using user roles or permissions. The module does not sufficiently escape some of its settings, and, in some cases, allows malicious users to bypass the protection offered by Require Login. CVE identifiers issued ACVE identifier will be...
OAuth2 Client- Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2016-044
This module provides an OAuth2 client. The module does not check the validity of the state parameter, during server-side flow, before getting a token. This may allow a malicious user to feed a fake accesstoken to another user, and subsequently provide him fake data from the server. This page...
Google Analytics - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-042
This module enables you to add integration with Google Analytics statistics service. The module allows admin users to enter custom JavaScript snippets to add advanced tracking functionality. The permission required to enter this JavaScript was not marked as restricted. This vulnerability is...
Administration Views - Critical - Access bypass - SA-CONTRIB-2016-041
Administration Views module replaces overview/listing pages with actual views for superior usability. The module does not check access properly under certain circumstances. Anonymous users could get access to read information they should not have access to. CVE identifiers issued ACVE identifier...
Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038
The Webform Multiple File Upload module allows users to upload multiple files on a Webform. The Webform Multifile File Upload module contains a Remote Code Execution RCE vulnerability where form inputs will be unserialized and a specially crafted form input may trigger arbitrary code execution...
RESTWS - Highly critical - Remote code execution - SA-CONTRIB-2016-040
This module enables you to expose Drupal entities as RESTful web services. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an attacker to send specially crafted requests resulting in arbitrary PHP execution. There...
Coder - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-039
The Coder module checks your Drupal code against coding standards and other best practices. It can also fix coding standard violations and perform basic upgrades on modules. The module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticat...
Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037
This module enables you to authenticate with Instagram's API via an intermediary service instagram.yanniboi.com. The module doesn't sufficiently advise that your authentication tokens could be intercepted. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002
Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical A vulnerability exists in the User module, where if some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the...
Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036
An access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view. This issue is mitigated by the fact that the view must be configured to show a "Content...
Outline Designer - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-035
This module enables you to mass administer book outlines and perform common operations through one interface, improving the usability for the book module. The module doesn't sufficiently sanitize titles when presenting them on this interface. This vulnerability is mitigated by the fact that an...
Page Manager Search - Moderately Critical - Information disclosure - SA-CONTRIB-2016-032
This module enables you to make Panels pages and other pages managed by CTools' Page Manager submodule indexible and searchable through the standard Search module provided in Drupal core. The module doesn't block access to Page Manager pages which have been disabled. CVE identifiers issued ACVE...
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including Node access bypass Comment access bypass User enumeration Field access bypass User registration bypass Blocked user login Session name guessing Session enumeration...
Node Embed - Less critical - Denial of Service - SA-CONTRIB-2016-034
This module enables you to embed the contents of one node in the body field of another. The module doesn't sufficiently protect against a node being embedded in itself, or a loop being created of one node being embedded in another which is then itself embedded in the first node. This vulnerabilit...
Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031
This module enables you to enter opening hours for locations in a highly detailed way. The module doesn't sufficiently escape input data from user input. This vulnerability is mitigated by the fact that an attacker must be able to edit opening hours by having a role with the permission “Edit...
XML Sitemap - Moderately Critical - XSS - SA-CONTRIB-2016-030
The XML Sitemap module enables you to create sitemaps which help search engines to more intelligently crawl a website and keep their results up to date. The module doesn't sufficiently filter the URL when it is displayed in the sitemap. This vulnerability is mitigated if the setting for "Include ...
Registration Codes - Less Critical - Input Validation Vulnerability - SA-CONTRIB-028
This module enables you to allow users to enter a special registration code in order to sign up for the site. The module doesn't sufficiently validate the entered registration code CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Securit...
Dropbox client - Multiple Vulnerabilities - SA-CONTRIB-2016-027
This module enables you to view dropbox files in your Drupal site. The module doesn't sufficiently sanitize filenames when displaying them to users or administrators leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must be able to...
Open Atrium Notifications - Less Critical - Information Disclosure - SA-CONTRIB-2016-026
Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content. When combined with the Open Atrium Mailhandler app, incoming email replies to...
Fieldable Panels Panes - Moderately Critical - XSS - SA-CONTRIB-2016-025
This module enables you to create fieldable entities that have special integration with Panels. The module doesn't sufficiently filter the entity title or admin title fields when they are displayed in either the Panels admin UI or the In-Place Editor IPE, allowing for specially crafted XSS attack...
Organic groups - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2016-023
This module enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate among themselves. Selective groups require approval in order to become a member, or even invitation-only groups. Under the certain fiel...
Search API - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-022
This module enables you to build searches using a wide range of features, data sources and backends. Search index not updated by node access changes The module doesn't sufficiently re-index nodes when using the "Node access" or "Access check" data alterations and non-standard ways of changing nod...
Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020
This module enables you to organize and export configuration data. The module doesn't sufficiently protect the admin/structure/features/cleanup path with a token. If an attacker can trick an admin with the "manage features" permission to request a special URL, it could lead to clearing the cache...
Boost - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-021
This module provides static page caching for Drupal enabling a very significant performance and scalability boost for sites that receive mostly anonymous traffic. The module doesn't prevent form cache from leaking between anonymous users which could result in information disclosure, where one use...
HybridAuth - Less critical - Multiple vulnerabilities - SA-CONTRIB-2016-018
The HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. Open redirect The module doesn't verify the "destination" redirect after a login to be a non-external URL causing an ope...
Drupal Commerce - Less Critical - Information disclosure - SA-CONTRIB-2016-019
This module enables you to build an online store that uses nodes to display products through the use of product reference fields. The default widget for those fields is an autocomplete textfield similar to the taxonomy term reference field's autocomplete widget. As you type in the textfield, the...
Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017
The Login one time module provides the ability to email one-time login links to users. The module doesn't sufficiently sanitize user input supplied to an ajax callback function. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Security...
Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016
This module enables you to show IMDB-like suggestions when entering terms into an input field using json files to "cache" suggestions making the autocomplete very fast. The module doesn't sufficiently validate the incoming language parameter in the request path when a json file of the module is...
Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015
When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, and also to have at least one of the thumbnail creati...
Hubspot CTA - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-012 - Unsupported
This module enables you to embed a Hubspot CTA buttons widget in a Bean block. The module allows configuration of a CTA ID and Account ID while adding a bean block for a CTA button, but doesn't sufficiently sanitise these parameters, allowing a potential cross-site scripting attack. This...
Google Analytics Counter - Moderately Critical - CSRF - SA-CONTRIB-2016-011
The Google Analytics Counter module provides total pageview counts for each page on a website. In that it is similar to the core Statistics module counter, but it is much lighter and ultimately faster because it draws on data from Google Analytics. This is why it is also able to effortlessly coun...
Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009
The Prepopulate module allows form fields to be pre-populated in the request. The Prepopulate module does not adequately prevent a user from overwriting arbitrary parts of $REQUEST. It also does not prevent pre-populating certain fields that are not displayed or manipulating markup fields to alte...
USASearch - Moderately Critical - Access Bypass - SA-CONTRIB-2016-010
This module indexes public content using USASearch, a program of the General Services Administration’s Office of Citizen Services and Information Technology OCSIT, which offers free search services to any federal, state, local, tribal, or territorial government agency that can be used to search o...
Fieldable Panels Panes - Moderately Critical - Access Bypass - SA-CONTRIB-2016-014
This module enables you to create fieldable entities that have special integration with Panels. The module doesn't check access permissions on a file when it is attached to a field on a Fieldable Panels Panes entity that has been made private and where the file field is set to store files using t...
Node Notify - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-013
Node Notify is a lightweight module to allow subscription to comments on nodes for registered and anonymous users. The module doesn't sufficiently sanitize some user provided content, leading to a Cross Site Scripting vulnerability. Additionally, some paths were not protected against CSRF. An...
FileField - Denial of Service - SA-CONTRIB-2016-008
FileField module allows users to upload files in conjunction with the Content Construction Kit CCK module in Drupal 6. The module doesn't validate that a request to delete a temporary file was made by the user who uploaded the file. An attacker can use this vulnerability to delete other user's fi...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...