Tag1 D7ES Security Advisories

Global Redirect is a module that provides support for clean URLs, paths, and aliases. It is susceptible to a Server Side Request Forgery (SSRF) when used in combination with remote_stream_wrapper project.

The Mail System module provides an Administrative UI and Developers API for managing a mail backend or plugin. The module is susceptible to a PHP injection vulnerability.

This module enables your site to obfuscate Email addresses and prevent spambots to collect them. The module doesn't sanitize HTML data attributes when an email address link is transformed to separate span HTML elements and then transformed back by JavaScript leading to a Cross Site Scripting (XSS) vulnerability.

The GDPR Task submodule enables you to create GDPR tasks. The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when creating tasks.

The webform_multifile module allows user to upload multiple files on a webform. This vulnerability was originally patched by D7Security Group. This is a public release of the port of that patch, provided to Tag1 D7ES customers.

This module enables you to integrate the site with the Google Tag Manager (GTM) application. This vulnerability was originally reported and remediated for modern versions of Drupal in https://www.drupal.org/sa-contrib-2025-011. This security advisory is a public release addressing the vulnerability for Drupal 7, as provided to Tag1 D7ES customers.

The Coffee module helps you to navigate through the Drupal admin faster, inspired by Alfred and Spotlight (OS X). This vulnerability was originally patched by D7Security Group. This is a public release of the port of that patch, provided to Tag1 D7ES customers.