SA-CONTRIB-2014-039 - Revisioning - Access Bypass
This module enables you to manage publication workflows whereby new, not publicly visible revisions of existing published content may be created by an author for review, while the current revision remains live to the public. The new revision does not go live until it is approved by a moderator wi...
SA-CONTRIB-2014-034 - Custom Search - Cross Site Scripting
The Custom Search module alters the default search box to provide additional search filtering options and control. Custom Search contains a persistent cross-site scripting (XSS) vulnerability due to the fact that it fails to sanitize filter labels before display. This vulnerability is mitigated by...
SA-CONTRIB-2014-035 - CAS Server - Access Bypass
The casserver module of the CAS project implements the CAS 1.0 and 2.0 specifications for providing single sign-on to a relying party web application (the "service" in the CAS specs). The CAS server creates single-use tickets when serving a user's login request, which are subsequently deleted when the...
SA-CONTRIB-2014-036 - Print - Cross Site Scripting
This module provides printer-friendly versions of content, including send by e-mail and PDF versions. The module does not sufficiently sanitize user provided input when generating the printed version of a node. This is mitigated by the fact that an attacker must have permission to create a node...
SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
This module enables you to use the Xapian system to do searches of a Xapian index from within Drupal. The module doesn't verify node access rights when a node is loaded for display after the search has happened in Xapian. This vulnerability is mitigated by the fact that the system must be using a node...
SA-CONTRIB-2014-033 - Nivo Slider - Cross Site Scripting
Nivo Slider provides a way to showcase featured content. Nivo Slider gives administrators a simple method of adding slides to the slideshow, an administration interface to configure slideshow settings, and simple slider positioning using the Drupal block system. The module doesn't sufficiently...
SA-CONTRIB-2014-031 - Webform Template - Access Bypass
This module enables you to copy webform config from one node to another. The module doesn't respect node access when providing possible nodes to copy from. As a result, the titles of nodes a user does not have view access to may be disclosed to that user, who may then be able to copy the webform...
SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure
The SexyBookmarks module is a port of the WordPress SexyBookmarks plug-in. The module adds social bookmarking using the Shareaholic service. The module discloses the private files location when Drupal 6 is configured to use private files. This vulnerability is mitigated by the fact that only site...
SA-CONTRIB-2014-028 - Masquerade - Access bypass
This module allows a user with the right permissions to switch users. When a user has been limited to only masquerading as certain users via the "Enter the users this user is able to masquerade as" user profile field, they can still masquerade as any user on the site by using the "Enter the...
SA-CONTRIB-2014-027 - NewsFlash Theme - XSS
Newsflash is a theme that features 7 color styles, 12 collapsible regions, suckerfish menus, fluid or fixed widths, built-in IE transparent PNG fix, and lots more. The theme does not sanitize the user provided theme setting for the font family CSS property, thereby exposing a cross-site scripting...
SA-CONTRIB-2014-029 - Mime Mail - Access Bypass
The MIME Mail module allows sending MIME-encoded e-mail messages with embedded images and attachments. By default the module only allows files to be embedded or attached that are located in the public files directory. The module doesn't sufficiently check the file location, considering similar...
SA-CONTRIB-2014-026 - Mime Mail - Access bypass
The MIME Mail module allows processing of incoming MIME-encoded e-mail messages with embedded images and attachments. The default key for the authentication of incoming messages is generated from a random number. On some platforms such as Windows the maximum value of this number is only 32767 whi...
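The advisory above states that the default authentication key is built from a random number whose maximum is 32767 on some platforms. The following Python example (added here for illustration; it is not the Mime Mail module's PHP code, and the key derivation and the HMAC-over-message scheme it assumes are the author's own) shows why that is fatal: a key drawn from 32768 possible values can be recovered from a single captured message and its authentication tag by trying every candidate.

```python
import hashlib
import hmac
import random
import secrets

# The advisory states the random number tops out at 32767 on platforms such as
# Windows. How the key is derived from it and how it authenticates messages are
# assumptions for this illustration, not the module's own code.
RAND_MAX_WINDOWS = 32767

# Constructed sample message; not a real mail.
SAMPLE_MESSAGE = b"Subject: status report\r\n\r\nAll systems nominal."


def weak_default_key(rng=None):
    """Model of a key derived from a single rand() call (assumed derivation)."""
    rng = rng or random.Random()
    return str(rng.randint(0, RAND_MAX_WINDOWS))


def strong_key():
    """What a default key should look like: 256 bits from a CSPRNG."""
    return secrets.token_hex(32)


def keyspace_bits(max_value):
    """Entropy available when the key is one integer in [0, max_value]."""
    return (max_value + 1).bit_length() - 1


def authenticate(key, message):
    """Assumed scheme: HMAC-SHA256 over the raw message, hex-encoded."""
    return hmac.new(key.encode(), message, hashlib.sha256).hexdigest()


def recover_key(message, observed_mac, max_value=RAND_MAX_WINDOWS):
    """Brute-force every key the weak generator can produce against one
    captured (message, MAC) pair. 32768 HMAC computations finish in well
    under a second; a 256-bit key would make this infeasible."""
    for candidate in range(max_value + 1):
        key = str(candidate)
        if hmac.compare_digest(authenticate(key, message), observed_mac):
            return key
    return None


if __name__ == "__main__":
    key = weak_default_key(random.Random(7))
    mac = authenticate(key, SAMPLE_MESSAGE)
    print("weak keyspace bits:", keyspace_bits(RAND_MAX_WINDOWS))
    print("recovered key matches:", recover_key(SAMPLE_MESSAGE, mac) == key)
```

Once `recover_key` returns, the attacker can compute a valid tag for any message of their choosing; the fix is to generate the default key from a cryptographic random source, as `strong_key` does, rather than from `rand()`.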
SA-CONTRIB-2014-023 - Project Issue File Review - XSS
The Project Issue File Review (PIFR) module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...
SA-CONTRIB-2014-025 - Open Omega - Access Bypass
This theme is a sub-theme of Omega used as a sample theme for the OpenPublic distribution. The theme doesn't sufficiently check the user's menu access when building the header and footer menus, so it can expose the title and path of restricted items in the menu. This vulnerability is...
SA-CONTRIB-2014-024 - Content Lock - CSRF
This module prevents people from editing the same content at the same time. It adds a locking layer to nodes. It does not protect against CSRF. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes. Versions affected All...
SA-CONTRIB-2014-022 - Slickgrid - Access bypass
The Slickgrid module is an implementation of the jQuery SlickGrid plugin, a lightning-fast JavaScript grid/spreadsheet. It defines a slickgrid view style, so all data can be output as an editable grid. The module doesn't check access sufficiently, allowing users to edit and change field values o...
SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)
The Maestro module enables you to create complex workflows, automating business processes. The module doesn't sufficiently filter Role or Organic Group names when displaying them in the workflow details. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)
Drupal Commons is a ready-to-use solution for building either internal or external communities. It provides a complete social business software solution for organizations. Drupal Commons displays an "activity stream" containing messages about actions users take on the site. In some cases, message...
SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)
The Webform Validation module enables you to add additional form validation rules to Webforms created by the Webform module. The module doesn't sufficiently filter component name text before display, opening up the possibility of cross site scripting. This vulnerability is mitigated by the fact...
SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...
SA-CONTRIB-2014-015 - FileField - Access Bypass
The FileField module allows users to upload files in conjunction with the Content Construction Kit (CCK) module in Drupal 6. The module doesn't sufficiently check permissions on revisions when determining if a user should have access to a particular file attached to that revision. A user could gai...
SA-CONTRIB-2014-017 - Image Resize Filter - Denial of Service (DoS)
This module enables you to resize images based on the HTML contents of a post. Images with specified height and width properties that differ from the original image result in a resized image being created. The module doesn't limit the number of resized images per post or user, which could allow a...
SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability
The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...
SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass
This module provides content editors with an autocomplete callback for entity titles, as well as an ability to embed content within the Chaos tool suite (ctools) framework. Prior to this version, ctools did not sufficiently check access grants for various types of content other than nodes. It also...
SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)
This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with th...
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the...
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...
SA-CONTRIB-2014-012 - Modal Frame API - Cross Site Scripting (XSS)
This module provides an API to render an iframe within a modal dialog based on the jQuery UI Dialog plugin. You should not install this module unless another module requires you to, or you wish to use it for your own custom modules. The module doesn't sufficiently filter user supplied tex...
SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
The Services module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. User update access bypass vulnerability: An authenticated user is able to assign additional roles to themselves, which means they can escalate their privileges by assigning an...
SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities
This module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately...
SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)
A tribune is a type of chatroom. The module doesn't sufficiently filter user provided text from Tribune node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a Tribune node. CVE identifiers issued: CVE-2014-8075 Versions affected...
SA-CONTRIB-2014-005 - Leaflet - Access bypass
The Leaflet module enables you to display an interactive map using the Leaflet library, using entities as map features. The module exposes complete data from entities used as map features to any site visitor with a JavaScript inspector like Firebug. CVE identifiers issued: A CVE identifier will be...
SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect
The Language Switcher Dropdown module enables you to place a block with a convenient drop-down language switcher. After choosing a value the user is redirected to the URL of the relevant language. The module doesn't check that the URL provided is a valid internal path prior to redirecting. CVE...
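The missing check described above is a standard open-redirect guard: before issuing a Location header, confirm the target is a path on this site and not something a browser would resolve to another host. The following Python function is an added illustration of that guard, not the module's PHP code (Drupal 7 core offers `url_is_external()` for the same purpose); the function names are the author's own, and it goes beyond the obvious `http://` case to cover the protocol-relative, backslash and control-character variants a practitioner has to reject as well.

```python
from urllib.parse import urlsplit

# Added example: the internal-path check the advisory says was missing.
# Python rather than the module's PHP; names are the author's own.


def is_internal_path(target):
    """True only for a same-site path such as 'node/1' or '/fr/node/1?x=1'."""
    if not target:
        return False
    # Whitespace and control characters let an attacker split headers or
    # smuggle a scheme past naive checks (browsers strip tabs and newlines
    # inside URLs, and strip leading spaces). Paths must percent-encode them.
    if any(ord(c) <= 0x20 or c == "\x7f" for c in target):
        return False
    parts = urlsplit(target)
    # Any scheme (http:, javascript:, data:) or authority (//evil.example)
    # means the target is not a path on this site.
    if parts.scheme or parts.netloc:
        return False
    # Browsers treat a backslash like a slash, so '/\\evil.example' and
    # '///evil.example' both resolve as scheme-relative URLs even though
    # urlsplit reports an empty netloc for them. Reject anything beginning
    # with two slash-like characters after normalisation.
    if target.replace("\\", "/").startswith("//"):
        return False
    return True


def language_switch_redirect(requested, fallback="/"):
    """Location value for a language switch: the requested path if it is
    internal, otherwise the site front page."""
    return requested if is_internal_path(requested) else fallback


if __name__ == "__main__":
    for candidate in ["/de/node/1", "//evil.example/", "/\\evil.example",
                      "javascript:alert(1)", "node/1?destination=user"]:
        print(f"{candidate!r:32} -> {language_switch_redirect(candidate)!r}")
```

The allow-list approach (accept only what parses as a bare path) is deliberately stricter than trying to enumerate bad prefixes; a denylist of `http://` and `https://` would miss every case after the first assertion below.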
SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)
This module enables you to create blocks to place advertisements from the Google DoubleClick for Publishers (DFP) API. The module doesn't sufficiently sanitize the slot names prior to output into HTML. This vulnerability is mitigated by the fact that an attacker must have a role with the permissio...
SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
This module allows for storing data securely in a cookie through implementing the Secure Cookie Protocol. Ability to alter trusted data in the cookie: The module did an incorrect comparison of the HMAC value, allowing a bypass of the HMAC verification which allows changing the cookie value. Known...
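The advisory above says the HMAC comparison was done incorrectly, which is the one step in an authenticated cookie that must never be approximate. The following Python example (added for illustration; it is not the module's PHP code, and it does not reproduce the module's particular flawed comparison) implements a simplified Secure Cookie Protocol layout, a per-cookie key derived from the server key and the user/expiry fields with the HMAC covering every field, and shows the verification the advisory's fix has to provide: recompute the MAC from the received fields and compare it over its full length in constant time, rejecting on any mismatch. Encryption of the data field and TLS session binding from the full protocol are omitted; the server key is a constructed sample.

```python
import base64
import hashlib
import hmac
import time

# Added example, not the module's code. Simplified Secure Cookie Protocol:
#   cookie = user|expires|data|HMAC_k(user|expires|data)
#   k      = HMAC_serverkey(user|expires)
SERVER_KEY = b"constructed-server-secret-do-not-reuse"  # constructed sample


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _cookie_key(user, expires, server_key=SERVER_KEY):
    """Per-cookie key k, bound to the user and expiry so that changing either
    field also changes the key the MAC is computed under."""
    return hmac.new(server_key, f"{user}|{expires}".encode(), hashlib.sha256).digest()


def issue_cookie(user, data, ttl=3600, now=None, server_key=SERVER_KEY):
    expires = int(now if now is not None else time.time()) + ttl
    k = _cookie_key(user, expires, server_key)
    body = f"{user}|{expires}|{_b64(data)}"
    mac = hmac.new(k, body.encode(), hashlib.sha256).digest()
    return f"{body}|{_b64(mac)}"


def verify_cookie(cookie, now=None, server_key=SERVER_KEY):
    """Return (user, data) if the cookie is authentic and unexpired, else None.

    The MAC is recomputed from the fields as received and compared over its
    full length with hmac.compare_digest. A shortened tag, a tag of the wrong
    type, or any differing byte rejects the cookie; nothing in the cookie is
    trusted until that comparison has passed.
    """
    try:
        user, expires_str, data_b64, mac_b64 = cookie.split("|")
        expires = int(expires_str)
        received_mac = _unb64(mac_b64)
    except (ValueError, TypeError):
        return None
    k = _cookie_key(user, expires, server_key)
    body = f"{user}|{expires}|{data_b64}"
    expected = hmac.new(k, body.encode(), hashlib.sha256).digest()
    if len(received_mac) != len(expected) or not hmac.compare_digest(received_mac, expected):
        return None
    if (now if now is not None else time.time()) >= expires:
        return None
    return user, _unb64(data_b64)


if __name__ == "__main__":
    c = issue_cookie("alice", b"role=editor", ttl=60)
    print("valid   :", verify_cookie(c))
    user, exp, data, mac = c.split("|")
    tampered = "|".join([user, exp, _b64(b"role=admin"), mac])
    print("tampered:", verify_cookie(tampered))
```

Two details matter beyond the comparison itself: the expiry is checked only after the MAC has passed, so an attacker cannot probe it, and every field that influences a decision (user, expiry, data) is under the MAC, so there is nothing left for a tampered cookie to change.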
SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
This module allows anonymous users to fill in their contact information (name, email and homepage) when posting any content type, including Forum Topics. This allows the submitted name to be shown instead of the usual anonymous string provided by Drupal core. The module doesn't properly sanitize the...
SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Impersonation (OpenID module - Drupal 6 and 7 - Highly critical): A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack...
SA-CONTRIB-2014-001 - Entity API - Access Bypass
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Comment, User and Node Statistics property access bypass (CVE-2014-1398): The module's entity wrapper access API doesn't sufficiently protect comment, user and no...
SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
The Ubercart module for Drupal provides a shopping cart and e-commerce features for Drupal. The module doesn't sufficiently protect against session fixation attacks when a user is automatically logged in to a newly created account during checkout. This vulnerability is mitigated by the fact that ...
SA-CONTRIB-2013-097 - OG Features - Access bypass
This module enables you to enable and disable bundles of functionality for individual Organic groups. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually i...
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7): Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any...
SA-CONTRIB-2013-094 - EU Cookie Compliance - Cross Site Scripting (XSS)
This module enables you to display notifications so that visitors can give their consent to your website setting cookies. The module doesn't sufficiently filter and validate configuration values entered by administrators. This vulnerability is mitigated by the fact that an attacker must have a...
SA-CONTRIB-2013-093 - Invitation - Access Bypass
The Invitation module restricts registration to users who have an invite code, for running a private beta. The module provides default views that don't check access to views prior to displaying private information like usernames and email addresses. CVE identifiers issued: CVE-2013-7063 Versions...
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
Two issues exist within entity references and permissions relating to OG, allowing users potential access bypass. Posting content into groups where a user is not a member: Organic Groups does not sufficiently prevent the group audience fields (e.g. the og_group_ref field) from being populated with invalid...
SA-CONTRIB-2013-096 - Entity reference - Access bypass
By default, with an autoselect or a select widget, a user cannot autocomplete an entity title, nor can they select an entity that they have no access to. This will correctly throw an 'invalid id' error and does not show the title of the entity. However, if a user A who has access to the reference...
SA-CONTRIB-2013-092 - Misery - Denial of Service (DoS) vulnerability
This module enables you to make life difficult for certain users, such as trolls, as an alternative to banning or deleting them from a community. The module provides means by which to punish members of your website. The aim of Misery is not to be traceable by users on the misery list, so misery...
SA-CONTRIB-2013-090 - Revisioning - Access Bypass
This module enables you to create content publication workflows whereby one version of the content is "live" publicly visible, while another is being edited and moderated privately until found fit for publication. The module doesn't sufficiently apply node access permissions when used in...
SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass
This module enables you to manage groups and assign content and users to groups. The module doesn't sufficiently check permissions on some of the configuration pages, allowing unprivileged users to access the roles and permissions pages of the GCC module. CVE identifiers issued: CVE-2013-4598...
SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass
This module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users' payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that prevented th...
SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data
The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...