This page displays all public Tag1 D7ES announcements, including security advisories and compatibility updates. You may filter below by announcement type, project, and subscribe to that customized RSS feed at the bottom of the page.

 

EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072

Project
EU Cookie Compliance (GDPR Compliance)
Date
Severity
Moderately Critical
Risk Score
13  ∕  25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Affected versions
<7.x-1.45
The EU Cookie Compliance module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page.

Filebrowser - Moderately Critical - Risk of data exposure

Project
Filebrowser
Date
Severity
Moderately Critical
Risk Score
10 ∕ 25 AC:Basic/A:Admin/CI:Some/II:None/E:Theoretical/TD:All
Affected versions
All Drupal 7 versions are affected
The Filebrowser module allows users to browse a list of files in specific directories. This module and its directory listing node type should only be used by users with elevated user access.

Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035

Project
Stage File Proxy
Date
Severity
Moderately Critical
Risk Score
11 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:Default
Affected versions
<7.x-1.11
Stage File Proxy is a solution for transferring production files to a development server on demand. The module doesn't sufficiently validate the existence of remote files prior to attempting to download and create them.

Commerce Paybox - Moderately Critical - Payment bypass vulnerability

Project
Commerce Paybox
Date
Severity
Moderately Critical
Risk Score
13 ∕ 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Affected versions
<7.x-1.6
The Commerce Paybox module integrates with Verifone e-commerce for accepting online payments. A payment bypass vulnerability could be exploited to mark a payment as done and flag an order as completed, without the user actually entering a credit card number.
Subscribe to Tag1 D7ES Announcements