Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 14 Oct 2015 18:57:35 +0200
From: Pere Orga <>
Cc: Drupal Security Team <>
Subject: CVE Requests for Drupal contributed modules (from SA-CONTRIB-2015-132
 to SA-CONTRIB-2015-156)


Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-132 - Administration Views - Information Disclosure

SA-CONTRIB-2015-133 - Path Breadcrumbs - Cross Site Scripting (XSS)

SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Scripting
SA-CONTRIB-2015-134 - OSF for Drupal - Cross Site Request Forgery
SA-CONTRIB-2015-134 - OSF for Drupal - Access bypass

SA-CONTRIB-2015-135 - Time Tracker - Cross Site Scripting (XSS)

SA-CONTRIB-2015-136 - Commerce Commonwealth (CBA) - Insufficient
Verification of API Data

SA-CONTRIB-2015-137 - Quick Edit - Cross Site Scripting (XSS)

SA-CONTRIB-2015-138 - Compass Rose - Cross Site Scripting (XSS)

SA-CONTRIB-2015-139 - Workbench Email - Access bypass

SA-CONTRIB-2015-140 - Search API Autocomplete - Cross Site Scripting (XSS)

SA-CONTRIB-2015-141 - Ctools - Cross Site Scripting (XSS)
SA-CONTRIB-2015-141 - Ctools - Access bypass

SA-CONTRIB-2015-142 - Spotlight - Cross Site Scripting (XSS)

SA-CONTRIB-2015-143 - Zendesk Feedback Tab - Cross Site Scripting (XSS)

SA-CONTRIB-2015-144 - Mass Contact - Cross Site Scripting (XSS)

SA-CONTRIB-2015-145 - Fieldable Panels Panes - Access bypass

SA-CONTRIB-2015-146 - Twitter - Access bypass

SA-CONTRIB-2015-147 - RESTful - Access bypass

SA-CONTRIB-2015-148 - Drupal 7 driver for SQL Server and SQL Azure -
SQL Injection

SA-CONTRIB-2015-149 - amoCRM - Cross Site Scripting (XSS)

SA-CONTRIB-2015-150 - CMS Updater - Access bypass
SA-CONTRIB-2015-150 - CMS Updater - Cross Site Scripting (XSS)

SA-CONTRIB-2015-151 - Scald - Information Disclosure

SA-CONTRIB-2015-152 - User Dashboard - SQL Injection

SA-CONTRIB-2015-153 - Taxonomy Find - Cross Site Scripting (XSS)

SA-CONTRIB-2015-154 - Stickynote - Cross Site Scripting (XSS)

SA-CONTRIB-2015-155 - Entity Registration - Information Disclosure

SA-CONTRIB-2015-156 - Colorbox - Access bypass

Many thanks

Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ