Drupal

Critical and moderately critical security advisories for the The Better Mega Menu module

Critical and moderately critical security adversaries for the The Better Mega Menu module

The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038

Project: The Better Mega Menu
Date: 2021-September-22
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities

Description

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.

Read More

Admin Toolbar - Moderately critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-025

Admin Toolbar - Moderately critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-025

Project: Admin Toolbar
Date: 2021-August-25
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting, Access Bypass

Description

The Admin Toolbar (admin_toolbar) module extends the default toolbar provided by Drupal Core with various features facilitating day-to-day editorial and administrative work.

The Admin Toolbar Search sub-module of this module

Read More

How to install Devel and Kint on Drupal 9

How to properly setup Devel and Kint on Drupal 9?

I was recently setting up my local development environment for a new Drupal 9 project and despite abundance of documentation, couldn't get the Devel and Kint properly working at once. And because most of tutorials found online on the subject turned out to be buggy, outdated and/or obsolete, for posterity reasons I decided to log the installation steps that worked for me.

But first, let's get to definitions of both development modules.

Read More

Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2021-024

Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2021-024

Project: Pages Restriction Access
Date: 2021-July-28
Security risk: Critical 16∕25
Vulnerability: Access bypass

Description

This project enables administrators to restrict access from anonymous and regular users to pre-defined pages.

The administration routes used by the project lacked proper permissions, allowing untrusted users to access, create and modify the module's settings.

Solution

Install the latest version:

Read More

Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023

Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023

Project: Form mode manager
Date: 2021-July-21
Security risk: Moderately critical 11∕25
Vulnerability: Access bypass

Description

This module provides a user interface that allows the implementation and use of Form modes without custom development.

The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes.

Read More

Pages