On January 25th, a whole list of security advisories for contributed module projects was posted by the Drupal Security team that are classified as Critical but Unsupported vulnerabilities. Read to find which ones!
The Drupal Security Team announced a moderately critical Cross-site Scripting-SA-CONTRIB-2022-011 Vulnerability in Navbar module in Drupal 7on January 25th, 2022.
Critical Access bypass, Information Disclosure, and Multiple Vulnerabilities in the Private Taxonomy Terms module SA-CONTRIB-2022-014 was announced on January 26th, 2022
A Drupal security advisory was announced against a moderately critical XSS vulnerability (SA-CONTRIB-2022-004) in the vendor library, jQuery UI, on January 19th, 2022
The Drupal security team announced a moderately critical cross site scripting (XSS) vulnerability SA-CONTRIB-2022-003 in WYSIWYG Drupal 7 on 2022, January 5th.
Drupal security team announced a moderately critical access bypass vulnerability SA-CONTRIB-2022-002 in Simple OAuth (OAuth2) & OpenID Connect on 2022, January 5th.
The Drupal security team has announced a critical access bypass vulnerability SA-CONTRIB-2022-001 in the Super Login module in Drupal 8, posted on 2022, January 5th.
The Drupal security team has issued on December 8th, 2021 critical cross-site scripting (XSS) and access bypass vulnerability for webform (SA-CONTRIB-2021-045).
CKEditor has released a security update SA- Core-2021-011 that impacts Drupal. The issue, dated November 17, 2021, is classified as a moderately critical cross-site scripting (XSS) vulnerability.