May 2016

XML Sitemap - Moderately Critical

* Advisory ID: DRUPAL-SA-CONTRIB-2016-030
* Project: XML Sitemap [1] (third-party module)
* Version: 7.x
* Date: 2016-May-25
* Security risk: 13/25 ( Moderately Critical)
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]
* Vulnerability: Cross Site Scripting

The XML Sitemap module enables you to create sitemaps which help search
engines to more intelligently crawl a website and keep their results up to
date.

Dropbox client - Multiple Vulnerabilities

Drupal Security

* Advisory ID: DRUPAL-SA-CONTRIB-2016-027
* Project: Dropbox Client (third-party module)
* Version: 7.x
* Date: 2016-May-18
* Security risk: 15/25 ( Critical)
AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
* Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request
Forgery, Information Disclosure, Multiple vulnerabilities

DESCRIPTION

This module enables you to view dropbox files in your Drupal site.

Views Megarow - Critical - Access Bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2016-027
* Project: Views Megarow (third-party module)
* Version: 7.x
* Date: 2016-May-18
* Security risk: 16/25 ( Critical)
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
* Vulnerability: Access bypass, Information Disclosure

DESCRIPTION

This module enables you to display content from any path within a list of
content inside a view or form. The content is displayed in a modal-like
format when the user clicks on the "view link" or any custom links created.

Registration Codes - Less Critical - Input Validation Vulnerability

* Advisory ID: DRUPAL-SA-CONTRIB-2016-028
* Project: Registration codes [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2016-May-18
* Security risk: 9/25 ( Less Critical)
AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default [2]
* Vulnerability: Access bypass

DESCRIPTION

This module enables you to allow users to enter a special registration code
in order to sign up for the site.

The module doesn't sufficiently validate the entered registration code

VERSIONS AFFECTED

Security Advisory on Open Atrium Notifications

* Advisory ID: DRUPAL-SA-CONTRIB-2016-026
* Project: Open Atrium Notifications (third-party module)
* Version: 7.x
* Date: 2016-May-04
* Security risk: 9/25 ( Less Critical)
* Vulnerability: Information Disclosure

DESCRIPTION

Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content.