#security

Drupal Security Advisories that are reported, fixed and/or coordinated by me.
10/10/2018 - 19:01

NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066

https://www.drupal.org/sa-contrib-2018-066

08/08/2018 - 20:07

PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055

https://www.drupal.org/sa-contrib-2018-055

07/18/2018 - 21:10

XML Sitemap - Moderately Critical - Information Disclosure - SA-CONTRIB-2018-053

https://www.drupal.org/sa-contrib-2018-053

06/06/2018 - 18:26

Entity Delete - Critical - Multiple Vulnerabilities - SA-CONTRIB-2018-040

https://www.drupal.org/sa-contrib-2018-040

05/09/2018 - 22:28

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2018-027

https://www.drupal.org/sa-contrib-2018-027

05/09/2018 - 21:57

Scrollable Content - Critical - Unsupported - SA-CONTRIB-2018-026

https://www.drupal.org/sa-contrib-2018-026

05/09/2018 - 21:56

Simple Taxonomy Revision - Critical - Unsupported - SA-CONTRIB-2018-025

https://www.drupal.org/sa-contrib-2018-025

02/14/2018 - 20:01

Dynamic Banner - Critical - Module Unsupported - SA-CONTRIB-2018-011

https://www.drupal.org/sa-contrib-2018-011

02/07/2018 - 19:46

Entity Reference Tab / Accordion Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-008

https://www.drupal.org/sa-contrib-2018-008

02/07/2018 - 18:51

FileField Sources - Moderately critical - Access Bypass - SA-CONTRIB-2018-007

https://www.drupal.org/sa-contrib-2018-007

 

01/31/2018 - 19:17

Taxonomy Term Reference Tree Widget - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-006

https://www.drupal.org/sa-contrib-2018-006

12/20/2017 - 16:00

ComScore direct tag - Less critical - Cross site scripting - SA-CONTRIB-2017-095

https://www.drupal.org/sa-contrib-2017-095

12/06/2017 - 20:02

Node feedback - Moderately critical - Access Bypass - SA-CONTRIB-2017-092

https://www.drupal.org/sa-contrib-2017-092

 

12/06/2017 - 19:45

Feedback Collect - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-090

https://www.drupal.org/sa-contrib-2017-090

11/29/2017 - 19:22

bootstrap_carousel - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-088

https://www.drupal.org/sa-contrib-2017-088

11/29/2017 - 19:15

Cloud - Critical - CSRF - SA-CONTRIB-2017-086

https://www.drupal.org/sa-contrib-2017-086

10/25/2017 - 18:30

Mosaik - Moderately critical - Cross-site scripting - SA-CONTRIB-2017-080

https://www.drupal.org/sa-contrib-2017-080

10/18/2017 - 18:49

Yandex.Metrics - Moderately critical - Cross site scripting - SA-CONTRIB-2017-78

https://www.drupal.org/sa-contrib-2017-78

09/20/2017 - 20:48

Skype Status - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-076

https://www.drupal.org/forum/newsletters/security-advisories-for-contributed-projects/2017-09-20/skype-status-moderately

08/09/2017 - 16:53

Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066

https://www.drupal.org/forum/newsletters/security-advisories-for-contributed-projects/2017-08-09/facebook-like-button