August 2017

Amazon Pay now available for Drupal Commerce

Make Amazon customers your customers

The Amazon Pay plugin for Drupal is now available; that means you are only minutes away from setting up the Amazon Pay plugin on your website.

By enabling Amazon Pay, you let millions of Amazon buyers pay on your website using the information that’s already safely stored in their Amazon accounts. It’s a fast, trusted checkout process that is familiar to millions of Amazon customers around the world.

How does it work?

Alinks - Moderately Critical - Access bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2017-058
* Project: Alinks (third-party module)
* Version: 8.x
* Date: 2017-August-02
* Security risk: 13/25 (Moderately Critical)
* Vulnerability: Access bypass

DESCRIPTION

This module enables you to automatically link keywords to specific URLs.

This module has an insufficient access check on the delete route.

Alinks uses the wrong permission for an access check.

VERSIONS AFFECTED

* Alinks 8.x-1.x versions prior to 8.x-1.1.

html_title - Unsupported

* Advisory ID: DRUPAL-SA-CONTRIB-2017-059
* Project: html_title (third-party module)
* Date: 2-Aug-2017

DESCRIPTION

The HTML Title module allows a limited set of HTML markup (em, sub, sup, b, i, strong, cite, code, bdi, wbr) to be used in node titles.

The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466

baidu_analytics - Unsupported

* Advisory ID: DRUPAL-SA-CONTRIB-2017-060
* Project: baidu_analytics (third-party module)
* Date: 2-Aug-2017

DESCRIPTION

This module adds the Baidu Analytics web statistics tracking system to your website.

The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466

VERSIONS AFFECTED

* All versions

ajax_facets - Unsupported

* Advisory ID: DRUPAL-SA-CONTRIB-2017-061
* Project: ajax_facets (third-party module)
* Date: 2-Aug-2017

DESCRIPTION

This module allows you to create facet filters that work via AJAX. Filters and search results are updated by AJAX.

The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466

Services Views - Unsupported

* Advisory ID: DRUPAL-SA-CONTRIB-2017-062
* Project: services_views (third-party module)
* Date: 2-Aug-2017

DESCRIPTION

This module provides views support for the Services module.

The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466

VERSIONS AFFECTED

* All versions

Relation - Moderately Critical - Access Bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2017-063
* Project: Relation (third-party module)
* Version: 7.x
* Date: 2017-August-09
* Security risk: 14/25 (Moderately Critical)
* Vulnerability: Access bypass

DESCRIPTION

This module enables you to store relationships between entities as fieldable
entities.

The module doesn't sufficiently check permissions when displaying related
entities' labels with the Relation Dummy Field module widget.

Better field descriptions - Critical - XSS

* Advisory ID: DRUPAL-SA-CONTRIB-2017-064
* Project: Better field descriptions (third-party module)
* Version: 7.x
* Date: 2017-Aug-09
* Security risk: 16/25 (Critical)
* Vulnerability: Cross Site Scripting

DESCRIPTION

This module enables you to add themeable descriptions to fields in forms.

The module doesn't sufficiently sanitize descriptions.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "add better descriptions to fields".

VERSIONS AFFECTED
