The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

security announce 30125

Drupal Imagecache External: information disclosure via Sent session token

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Sent session token of Drupal Imagecache External, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 22/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-065, VIGILANCE-VUL-30125.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Sent session token of Drupal Imagecache External, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note 30067

Drupal Forms Steps: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Drupal Forms Steps, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-064, VIGILANCE-VUL-30067.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data of Drupal Forms Steps, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin 30066

Drupal External Links Filter: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of Drupal External Links Filter, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 19/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-063, VIGILANCE-VUL-30066.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The External Links Filter module can be installed on Drupal.

However, the web service accepts to redirect the victim with no warning, to an external site indicated by the attacker.

An attacker can therefore deceive the user of Drupal External Links Filter, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

threat announce 30065

Drupal Super Login: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Super Login, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-062, VIGILANCE-VUL-30065.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Super Login module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Super Login, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

threat note 30064

Drupal Scroll To Top: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Scroll To Top, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 19/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-061, VIGILANCE-VUL-30064.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Scroll To Top module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Scroll To Top, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce 29874

Drupal Existing Values Autocomplete Widget: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Drupal Existing Values Autocomplete Widget, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/07/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-060, VIGILANCE-VUL-29874.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data of Drupal Existing Values Autocomplete Widget, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin 29872

Drupal Metatag: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Drupal Metatag, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/07/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-058, VIGILANCE-VUL-29872.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data of Drupal Metatag, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat 29813

Drupal Meta Tags Quick: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Meta Tags Quick, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 18/07/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-057, VIGILANCE-VUL-29813.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Meta Tags Quick, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability 29635

Drupal Advanced Forum: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 27/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-054, ibm10960880, VIGILANCE-VUL-29635.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Advanced Forum module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer threat announce 29576

Drupal Easy Breadcrumb: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Easy Breadcrumb, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 20/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-053, VIGILANCE-VUL-29576.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Easy Breadcrumb module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Easy Breadcrumb, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Modules ~ not comprehensive: