The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Drupal Modules ~ not comprehensive

vulnerability alert 29321

Drupal Opigno forum: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Drupal Opigno forum, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 16/05/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-046, VIGILANCE-VUL-29321.

Description of the vulnerability

An attacker can bypass access restrictions to data of Drupal Opigno forum, in order to obtain sensitive information.

computer vulnerability alert 29066

Drupal Stage File Proxy: denial of service via Invalid Files

Synthesis of the vulnerability

An attacker can trigger a fatal error via Invalid Files of Drupal Stage File Proxy, in order to trigger a denial of service.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-044, VIGILANCE-VUL-29066.

Description of the vulnerability

An attacker can trigger a fatal error via Invalid Files of Drupal Stage File Proxy, in order to trigger a denial of service.

vulnerability announce 28942

Drupal Services: file reading via attach_file

Synthesis of the vulnerability

A local attacker can read a file via attach_file of Drupal Services, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 04/04/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-043, VIGILANCE-VUL-28942.

Description of the vulnerability

A local attacker can read a file via attach_file of Drupal Services, in order to obtain sensitive information.

vulnerability bulletin 28883

Drupal Module Filter: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Module Filter, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive, Fedora.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 28/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-042, FEDORA-2019-0e10310204, FEDORA-2019-3bb852dbeb, VIGILANCE-VUL-28883.

Description of the vulnerability

The Module Filter module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Module Filter, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin 28788

Drupal Back To Top: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Back To Top, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-040, VIGILANCE-VUL-28788.

Description of the vulnerability

The Back To Top module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Back To Top, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 28787

Drupal AddToAny Share Buttons: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal AddToAny Share Buttons, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-039, VIGILANCE-VUL-28787.

Description of the vulnerability

The AddToAny Share Buttons module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal AddToAny Share Buttons, in order to run JavaScript code in the context of the web site.

vulnerability announce 28752

Drupal Simple Hierarchical Select: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Drupal Simple Hierarchical Select, in order to force the victim to perform operations.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 14/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-038, VIGILANCE-VUL-28752.

Description of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Drupal Simple Hierarchical Select, in order to force the victim to perform operations.

vulnerability 28750

Drupal Views: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Views, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 14/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-036, VIGILANCE-VUL-28750.

Description of the vulnerability

The Views module can be installed on Drupal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Views, in order to run JavaScript code in the context of the web site.

computer vulnerability note 28749

Drupal Views: information disclosure via Exposed Filters

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Exposed Filters of Drupal Views, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 14/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-035, VIGILANCE-VUL-28749.

Description of the vulnerability

An attacker can bypass access restrictions to data via Exposed Filters of Drupal Views, in order to obtain sensitive information.

computer vulnerability bulletin 28748

Drupal Views: information disclosure via Argument Definitions Failing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Argument Definitions Failing of Drupal Views, in order to obtain sensitive information.
Impacted products: Drupal Modules ~ not comprehensive, Fedora.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 14/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-034, DRUPAL-SA-CONTRIB-2019-035, FEDORA-2019-18bbafb4d8, FEDORA-2019-f08c17b5cc, VIGILANCE-VUL-28748.

Description of the vulnerability

An attacker can bypass access restrictions to data via Argument Definitions Failing of Drupal Views, in order to obtain sensitive information.