May 2016

Security Advisory on Open Atrium Notifications

* Advisory ID: DRUPAL-SA-CONTRIB-2016-026
* Project: Open Atrium Notifications (third-party module)
* Version: 7.x
* Date: 2016-May-04
* Security risk: 9/25 ( Less Critical)
* Vulnerability: Information Disclosure


Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content.

Dropbox client - Multiple Vulnerabilities

Drupal Security

* Advisory ID: DRUPAL-SA-CONTRIB-2016-027
* Project: Dropbox Client (third-party module)
* Version: 7.x
* Date: 2016-May-18
* Security risk: 15/25 ( Critical)
* Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request
Forgery, Information Disclosure, Multiple vulnerabilities


This module enables you to view dropbox files in your Drupal site.

Views Megarow - Critical - Access Bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2016-027
* Project: Views Megarow (third-party module)
* Version: 7.x
* Date: 2016-May-18
* Security risk: 16/25 ( Critical)
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
* Vulnerability: Access bypass, Information Disclosure


This module enables you to display content from any path within a list of
content inside a view or form. The content is displayed in a modal-like
format when the user clicks on the "view link" or any custom links created.

Registration Codes - Less Critical - Input Validation Vulnerability

* Advisory ID: DRUPAL-SA-CONTRIB-2016-028
* Project: Registration codes [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2016-May-18
* Security risk: 9/25 ( Less Critical)
AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default [2]
* Vulnerability: Access bypass


This module enables you to allow users to enter a special registration code
in order to sign up for the site.

The module doesn't sufficiently validate the entered registration code


XML Sitemap - Moderately Critical

* Advisory ID: DRUPAL-SA-CONTRIB-2016-030
* Project: XML Sitemap [1] (third-party module)
* Version: 7.x
* Date: 2016-May-25
* Security risk: 13/25 ( Moderately Critical)
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default [2]
* Vulnerability: Cross Site Scripting

The XML Sitemap module enables you to create sitemaps which help search
engines to more intelligently crawl a website and keep their results up to