This page displays all public Tag1 D7ES Security Advisories. Check out our Announcements page for all updates.

You can filter this list by project or subscribe to the RSS feed.

 

Webform Multiple File Upload - Critical - Cross Site Scripting

Project
webform_multifile
Date
Severity
Critical
Risk Score
16/25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Affected versions
<7.x-1.7
The webform_multifile module allows user to upload multiple files on a webform. This vulnerability was originally patched by D7Security Group. This is a public release of the port of that patch, provided to Tag1 D7ES customers.

Google Tag - Moderately critical - Cross Site Request Forgery

Project
google_tag
Date
Severity
Moderately Critical
Risk Score
13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Affected versions
< 7.x-2.3
This module enables you to integrate the site with the Google Tag Manager (GTM) application. This vulnerability was originally reported and remediated for modern versions of Drupal in https://www.drupal.org/sa-contrib-2025-011. This security advisory is a public release addressing the vulnerability for Drupal 7, as provided to Tag1 D7ES customers.

Coffee - Moderately Critical - Cross Site Scripting

Project
Coffee 7.x-2.3
Date
Severity
Moderately Critical
Risk Score
13/25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Affected versions
≤7.x-2.3
The Coffee module helps you to navigate through the Drupal admin faster, inspired by Alfred and Spotlight (OS X). This vulnerability was originally patched by D7Security Group. This is a public release of the port of that patch, provided to Tag1 D7ES customers.
Subscribe to Tag1 D7ES Security Advisories