The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

vulnerability 27160

Drupal Fraction: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Fraction, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 06/09/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-059, VIGILANCE-VUL-27160.

Description of the vulnerability

The Fraction module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Fraction, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 27106

Drupal Bing Autosuggest API: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Bing Autosuggest API, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 30/08/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-058, VIGILANCE-VUL-27106.

Description of the vulnerability

The Drupal Bing Autosuggest API product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Bing Autosuggest API, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 26846

Drupal Select Or Other: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Select Or Other, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 26/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-054, VIGILANCE-VUL-26846.

Description of the vulnerability

The Select Or Other module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Select Or Other, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 26706

Drupal Tapestry: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Tapestry, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-051, VIGILANCE-VUL-26706.

Description of the vulnerability

The Tapestry module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Tapestry, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability 26705

Drupal litejazz: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal litejazz, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-050, VIGILANCE-VUL-26705.

Description of the vulnerability

The litejazz module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal litejazz, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note 26704

Drupal NewsFlash: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal NewsFlash, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-049, VIGILANCE-VUL-26704.

Description of the vulnerability

The NewsFlash module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal NewsFlash, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 26703

Drupal Beale Street: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Beale Street, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-048, VIGILANCE-VUL-26703.

Description of the vulnerability

The Beale Street module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Beale Street, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce 26702

Drupal EU Cookie Compliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal EU Cookie Compliance, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-047, VIGILANCE-VUL-26702.

Description of the vulnerability

The EU Cookie Compliance module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal EU Cookie Compliance, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert 26701

Drupal Commerce Custom Order Status: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Commerce Custom Order Status, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-046, VIGILANCE-VUL-26701.

Description of the vulnerability

The Commerce Custom Order Status module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Commerce Custom Order Status, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note 26624

Drupal Universally Unique IDentifier: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file on Drupal Universally Unique IDentifier, in order for example to upload a Trojan.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Creation date: 05/07/2018.
Identifiers: DRUPAL-SA-CONTRIB-2018-045, VIGILANCE-VUL-26624.

Description of the vulnerability

The Universally Unique IDentifier module can be installed on Drupal.

It can be used to upload a file. However, this file can be uploaded in an arbitrary directory on the server, and then executed.

An attacker can therefore upload a malicious file on Drupal Universally Unique IDentifier, in order for example to upload a Trojan.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Drupal Modules ~ not comprehensive: