Drupal Security Announcements
This list is for security announcements sent out be the Drupal security team.
Updated: 6 years 8 weeks ago
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
- Advisory ID: DRUPAL-SA-2008-006
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-005 - Drupal core - Cross site request forgery
- Advisory ID: DRUPAL-SA-2008-005
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-2008-004 - Fileshare - Arbitrary code execution
- Advisory ID: DRUPAL-SA-2008-004
- Project: Fileshare (third-party module)
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
SA-2008-003 - BUEditor - CSRF
- Advisory ID: DRUPAL-SA-2008-003
- Project: BUEditor (third-party module)
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-2008-002 - Atom - Access bypass
- Advisory ID: DRUPAL-SA-2008-002
- Project: Atom (third-party module)
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-001 - Devel - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-001
- Project: Devel (third-party module)
- Version: 5.x
- Date: 2008-January-10
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting