5.3
CVE-2024-13302 - Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068
Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3.
6.1
CVE-2024-13301 - OAuth & OpenID Connect Single Sign On โ SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting -โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On โ SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On โ SSO (OAuth/OIDC Client): from 3.0โฆ
6.6
CVE-2024-13300 - Print Anything - Critical - Unsupported - SA-CONTRIB-2024-066
Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*.
6.6
CVE-2024-13299 - Megamenu Framework - Critical - Unsupported - SA-CONTRIB-2024-065
Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*.
4.8
CVE-2024-13298 - Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.
6.6
CVE-2024-13297 - Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.
6.6
CVE-2024-13296 - Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.
6.6
CVE-2024-13295 - Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.
5.4
CVE-2024-13294 - POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.
3.1
CVE-2024-13293 - POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059
Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.