The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

computer vulnerability note 26099

Drupal SVG Formatter: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal SVG Formatter, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-027, VIGILANCE-VUL-26099.

Description of the vulnerability

The SVG Formatter module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal SVG Formatter, in order to run JavaScript code in the context of the web site.

vulnerability announce 25992

Drupal JSON API: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Drupal JSON API, in order to force the victim to perform operations.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 26/04/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-021, VIGILANCE-VUL-25992.

Description of the vulnerability

The JSON API module can be installed on Drupal.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in Drupal JSON API, in order to force the victim to perform operations.

vulnerability alert 25931

Drupal Display Suite: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Display Suite, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 19/04/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-019, VIGILANCE-VUL-25931.

Description of the vulnerability

The Display Suite module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Display Suite, in order to run JavaScript code in the context of the web site.

computer vulnerability 24765

Drupal Panopoly Core: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Panopoly Core, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 14/12/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-093, VIGILANCE-VUL-24765.

Description of the vulnerability

The Panopoly Core module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Panopoly Core, in order to run JavaScript code in the context of the web site.

vulnerability alert 24681

Drupal Configuration Update Manager: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Drupal Configuration Update Manager, in order to force the victim to perform operations.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 07/12/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-091, VIGILANCE-VUL-24681.

Description of the vulnerability

The Configuration Update Manager module can be installed on Drupal.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in Drupal Configuration Update Manager, in order to force the victim to perform operations.

vulnerability 24680

Drupal Feedback Collect: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Feedback Collect, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 07/12/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-090, VIGILANCE-VUL-24680.

Description of the vulnerability

The Feedback Collect module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Feedback Collect, in order to run JavaScript code in the context of the web site.

vulnerability bulletin 24573

Drupal bootstrap_carousel: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal bootstrap_carousel, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 30/11/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-088, VIGILANCE-VUL-24573.

Description of the vulnerability

The bootstrap_carousel module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal bootstrap_carousel, in order to run JavaScript code in the context of the web site.

vulnerability announce 24572

Drupal Services Single Sign-on Client: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Services Single Sign-on Client, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 30/11/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-087, VIGILANCE-VUL-24572.

Description of the vulnerability

The Services Single Sign-on Client module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Services Single Sign-on Client, in order to run JavaScript code in the context of the web site.

vulnerability alert 24571

Drupal Cloud: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Drupal Cloud, in order to force the victim to perform operations.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 30/11/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-086, VIGILANCE-VUL-24571.

Description of the vulnerability

The Cloud module can be installed on Drupal.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in Drupal Cloud, in order to force the victim to perform operations.

vulnerability bulletin 24303

Drupal Automated Logout: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Automated Logout, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 02/11/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-081, VIGILANCE-VUL-24303.

Description of the vulnerability

The Automated Logout module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Automated Logout, in order to run JavaScript code in the context of the web site.