This page displays all public Tag1 D7ES announcements, including security advisories and compatibility updates. You may filter below by announcement type and project, and subscribe to the resulting customized RSS feed at the bottom of the page.

Taxonomy Term Reference Tree Widget - Moderately Critical - Cross Site Scripting

Date
Severity: Moderately Critical
Affected versions: <7.x-1.12
The Term Reference Tree Widget module contained a Cross-Site Scripting (XSS) vulnerability in its tree list output function, allowing malicious users to inject JavaScript code through unsanitized token replacement and improper URI handling.

Simple hierarchical select - Moderately Critical - Cross Site Scripting

Date
Severity: Moderately Critical
Affected versions: <7.x-1.12
The Simple hierarchical select module contained a Cross-Site Scripting (XSS) vulnerability in its field formatter and term retrieval functions, allowing malicious users to inject JavaScript code through unsanitized term names.

File (Field) Paths - Moderately Critical - File Path Manipulation

Date
Severity: Moderately Critical
Affected versions: <7.x-1.3
The File (Field) Paths module contained a file path manipulation vulnerability where file objects maintained inconsistent URI state after file move operations, potentially leading to file access issues and data corruption.