The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

computer vulnerability announce 28457

Drupal Public Download Count: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of Drupal Public Download Count, in order to redirect him to a malicious site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 07/02/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-012, VIGILANCE-VUL-28457.

vulnerability bulletin 28063

Drupal JSON-API: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Drupal JSON:API, in order to escalate his privileges.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 20/12/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-081, VIGILANCE-VUL-28063.

vulnerability announce 28062

Drupal E-Sign: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal E-Sign, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/12/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-080, VIGILANCE-VUL-28062.

Description of the vulnerability

The E-Sign module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal E-Sign, in order to run JavaScript code in the context of the web site.

computer vulnerability note 27959

Drupal Responsive Menus: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Responsive Menus, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-079, VIGILANCE-VUL-27959.

computer vulnerability bulletin 27958

Drupal Salesforce Suite: information disclosure via Title/ID

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Title/ID of Drupal Salesforce Suite, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/12/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-078, VIGILANCE-VUL-27958.

vulnerability note 27904

Drupal Date Reminder: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Drupal Date Reminder, in order to escalate his privileges.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 29/11/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-076, VIGILANCE-VUL-27904.

vulnerability announce 27902

Drupal Bootstrap: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 29/11/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-074, VIGILANCE-VUL-27902.

Description of the vulnerability

The Bootstrap module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Bootstrap, in order to run JavaScript code in the context of the web site.

vulnerability alert 27681

Drupal Paragraphs: privilege escalation via Entities

Synthesis of the vulnerability

An attacker can bypass restrictions via Entities of Drupal Paragraphs, in order to escalate his privileges.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 05/11/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-073, VIGILANCE-VUL-27681.

vulnerability 27680

Drupal Session Limit: privilege escalation via Session List

Synthesis of the vulnerability

An attacker can bypass restrictions via Session List of Drupal Session Limit, in order to escalate his privileges.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 05/11/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-072, VIGILANCE-VUL-27680.

computer vulnerability note 27679

Drupal Decoupled Router: information disclosure via Entity Labels

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Entity Labels of Drupal Decoupled Router, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 05/11/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-071, VIGILANCE-VUL-27679.
