December 2016

High-performance JavaScript callback handler - Highly Critical - Multiple vulnerabilities

* Advisory ID: DRUPAL-SA-CONTRIB-2016-063
* Project: High-performance JavaScript callback handler (third-party module)
* Version: 7.x
* Date: 2016-December-07
* Security risk: 22/25 (Highly Critical)
* Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request
  Forgery, Open Redirect, Multiple vulnerabilities

DESCRIPTION

PHPmailer 3rd party library

* Advisory ID: DRUPAL-SA-PSA-2016-004
* Project: PHPMailer
* Version: 7.x, 8.x
* Date: 2016-December-26
* Security risk: 23/25 (Highly Critical)
* Vulnerability: Arbitrary PHP code execution

DESCRIPTION

The PHPMailer and SMTP modules (and maybe others) add support for sending
e-mails using the 3rd party PHPMailer library.