June 2016

Opening hours - Moderately Critical

* Advisory ID: DRUPAL-SA-CONTRIB-2016-031
* Project: Opening hours [1] (third-party module)
* Version: 7.x
* Date: 2016-June-01
* Security risk: 12/25 ( Moderately Critical)
AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]
* Vulnerability: Cross Site Scripting

This module enables you to enter opening hours for locations in a highly
detailed way.

The module doesn't sufficiently escape input data from user input.

Page Manager Search - Moderately Critical - Information disclosure

* Advisory ID: DRUPAL-SA-CONTRIB-2016-032
* Project: Page manager search [1] (third-party module)
* Version: 7.x
* Date: 2016-June-08
* Security risk: 10/25 ( Moderately Critical)
AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
* Vulnerability: Information Disclosure

This module enables you to make Panels pages (and other pages managed by
CTools' Page Manager submodule) indexible and searchable through the standard
Search module provided in Drupal core.

REST JSON - Multiple Vulnerabilities - Highly Critical

* Advisory ID: DRUPAL-SA-CONTRIB-2016-033
* Project: REST/JSON [1] (third-party module)
* Version: 7.x
* Date: 2016-June-08
* Security risk: 19/25 ( Critical)
AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All [2]
* Vulnerability: Access bypass, Information Disclosure, Multiple

This module enables you to expose content, users and comments via a JSON API.
The module contains multiple vulnerabilities including

Node Embed - Denial of Service - Less critical

* Advisory ID: DRUPAL-SA-CONTRIB-2016-034
* Project: Node Embed (third-party module)
* Version: 7.x
* Date: 2016-June-08
* Security risk: 5/25 ( Less Critical)
* Vulnerability: Denial of Service

This module enables you to embed the contents of one node in the body field
of another.

The module doesn't sufficiently protect against a node being embedded in
itself, or a loop being created of one node being embedded in another which
is then itself embedded in the first node.

Outline Designer - Moderately Critical - Cross Site Scripting (XSS)

* Advisory ID: DRUPAL-SA-CONTRIB-2016-035
* Project: Outline Designer [1] (third-party module)
* Version: 7.x
* Date: 2016-June-08
* Security risk: 14/25 ( Moderately Critical)
AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
* Vulnerability: Cross Site Scripting

This module enables you to mass administer book outlines and perform common
operations through one interface, improving the usability for the book

Views - Less Critical - Access Bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2016-036
* Project: Views [1] (third-party module)
* Version: 7.x
* Date: 2016-June-15
* Security risk: 7/25 ( Less Critical)
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
* Vulnerability: Access bypass


An access bypass vulnerability exists in the Views module, where users
without the "View content count" permission can see the number of hits
collected by the Statistics module for results in the view.

Expanded support for WordPress and launch of the overhauled mobile-friendly web-site

Today, on June 18, we have launched our new mobile-friendly website and are proudly expanding our support for WordPress-based websites.

For many years number of Drupion clients with their main websites built on Drupal have been hosting their WordPress websites alongside, for example, to run their company blogs. So Drupion has de-facto been supporting WordPress without formally including it as part of its services for a long while.

Money Back Guarantee

We are very confident in our ability to provide the best Drupal and WordPress-specific hosting services. We strongly believe that you will be completely satisfied because we provide prompt, reliable and comprehensive Drupal and WordPress hosting services with 24/7 technical support.