Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 14∕25
Vulnerability: Cross-site scripting
CVE IDs: CVE-2020-13666The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
Install the latest version:
Joomla 3.9.21 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.
Joomla 3.9.21 includes 3 security vulnerability fixes and addresses several bugs, including:
Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 11∕25
Vulnerability: Information disclosure
The Group module enables you to hand out permissions on a smaller subset, section or community of your website.
Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions of the 2nd group type for the grouped content.
Project: Group
Version: 8.x-1.x-dev
Date: 2020-August-05
Security risk: Moderately critical 12∕25
Vulnerability: Information disclosureThe Group module enables you to hand out permissions on a smaller subset, section or community of your website.
With the 1.1 security release, new code was introduced to ensure proper access for all entity types, but a mistake introduced unexpected access to unpublished nodes.
Install the latest version:
Project: Hostmaster (Aegir)
Version: 7.x-3.x-dev
Date: 2020-July-29
Security risk: Moderately critical 14∕25
Vulnerability: Access bypass, Arbitrary code executionAegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites.
Given that
Project: Group
Version: 8.x-1.x-dev
Date: 2020-July-29
Security risk: Critical 15∕25
Vulnerability: Information DisclosureThis module enables you to hand out permissions on a smaller subset, section or community of your website.
Project: Apigee Edge
Version: 8.x-1.x-dev
Date: 2020-July-22
Security risk: Moderately critical 10∕25
Vulnerability: Access bypassThe Apigee Edge module allows connecting a Drupal site to Apigee Edge in order to build a developer portal. It contains an "Apigee Edge Teams" submodule that provides shared app functionality by allowing developers to be organized into teams.
Project: Modal Form
Version: 8.x-1.x-dev
Date: 2020-July-22
Security risk: Critical 16∕25
Vulnerability: Access bypassThe Modal form module is a toolset for quick start of using forms in modal windows.
Any form is available for view and submit when the modal_form module is installed. The only requirement is to know the form's fully-qualified class name.
Upgrade to modal_form-8.x-1.2.
Project: Easy Breadcrumb
Version: 8.x-1.x-dev
Date: 2020-July-22
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scriptingThis module enables you to use the current URL (path alias) and the current page's title to automatically extract the breadcrumb's segments and its respective links then show them as breadcrumbs on your website.
The module doesn't sufficiently sanitize editor input in certain circumstances leading to a Cross Site Scripting (XSS) vulnerability.
Joomla team has announced several bug fixes today on July 14, 2020.
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.19
Exploit type: Information Disclosure
Reported Date: 2020-Jun-17
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15698Inadequate filtering in the system information screen could expose redis or proxy credentials