The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

computer vulnerability alert 30066

Drupal External Links Filter: open redirect

Synthesis of the vulnerability

An attacker can deceive a user of Drupal External Links Filter in order to redirect them to a malicious site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 19/08/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-063, VIGILANCE-VUL-30066.

Description of the vulnerability

The External Links Filter module can be installed on Drupal.

However, the web service redirects the victim, without any warning, to an external site specified by the attacker.

An attacker can therefore deceive a user of Drupal External Links Filter in order to redirect them to a malicious site.

vulnerability bulletin 29813

Drupal Meta Tags Quick: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Meta Tags Quick, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/07/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-057, VIGILANCE-VUL-29813.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Meta Tags Quick, in order to run JavaScript code in the context of the web site.

computer vulnerability 29635

Drupal Advanced Forum: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive, IBM API Connect.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 27/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-054, ibm10960880, VIGILANCE-VUL-29635.

Description of the vulnerability

The Advanced Forum module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 29576

Drupal Easy Breadcrumb: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Easy Breadcrumb, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-053, VIGILANCE-VUL-29576.

Description of the vulnerability

The Easy Breadcrumb module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Drupal Easy Breadcrumb, in order to run JavaScript code in the context of the web site.

vulnerability note 29434

Drupal Universally Unique IDentifier: privilege escalation via Services+REST

Synthesis of the vulnerability

An attacker can bypass restrictions via Services+REST of Drupal Universally Unique IDentifier, in order to escalate their privileges.
Impacted products: Drupal Modules ~ not comprehensive, Fedora.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 03/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-052, FEDORA-2019-9f613ab692, FEDORA-2019-a872068cd3, VIGILANCE-VUL-29434.

Description of the vulnerability

An attacker can bypass restrictions via Services+REST of Drupal Universally Unique IDentifier, in order to escalate their privileges.

vulnerability bulletin 29433

Drupal TableField: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal TableField, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-051, VIGILANCE-VUL-29433.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal TableField, in order to run JavaScript code in the context of the web site.

vulnerability 29390

Drupal Menu Item Extras: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Menu Item Extras, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 23/05/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-050, VIGILANCE-VUL-29390.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Menu Item Extras, in order to run JavaScript code in the context of the web site.

computer vulnerability note 29389

Drupal Workflow: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Workflow, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 23/05/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-049, VIGILANCE-VUL-29389.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in Drupal Workflow, in order to run JavaScript code in the context of the web site.

vulnerability announce 29322

Drupal Opigno Learning path: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions on data in Drupal Opigno Learning path, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 16/05/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-047, VIGILANCE-VUL-29322.

Description of the vulnerability

An attacker can bypass access restrictions on data in Drupal Opigno Learning path, in order to obtain sensitive information.

vulnerability alert 29321

Drupal Opigno forum: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions on data in Drupal Opigno forum, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 16/05/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-046, VIGILANCE-VUL-29321.

Description of the vulnerability

An attacker can bypass access restrictions on data in Drupal Opigno forum, in order to obtain sensitive information.