Drupal

Client-side Hierarchical Select - Moderately critical - Cross-site scripting - SA-CONTRIB-2021-031

Client-side Hierarchical Select - Moderately critical - Cross-site scripting - SA-CONTRIB-2021-031

Project: Client-side Hierarchical Select
Date: 2021-September-22
Security risk: Moderately critical 13∕25
Vulnerability: Cross-site scripting

Description

The module provides a field widget for selecting taxonomy terms in a hierarchical fashion.

The module doesn't sanitize user input in certain cases, leading to a possible Cross-Site-Scripting (XSS) vulnerability.

Read More

User hash - Moderately critical - Cache poisoning - SA-CONTRIB-2021-030

User hash - Moderately critical - Cache poisoning - SA-CONTRIB-2021-030

Project: User hash
Date: 2021-September-22
Security risk: Moderately critical 12∕25
Vulnerability: Cache poisoning

Description

This module enables you to create an individual hash for each user. These hashes can be used for authentication instead of the user's password, e.g. for views exporters.

The module doesn't sufficiently invalidate page output when the page_cache module is used.

Read More

Critical and moderately critical security advisories for the The Better Mega Menu module

Critical and moderately critical security adversaries for the The Better Mega Menu module

The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038

Project: The Better Mega Menu
Date: 2021-September-22
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities

Description

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.

Read More

Admin Toolbar - Moderately critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-025

Admin Toolbar - Moderately critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-025

Project: Admin Toolbar
Date: 2021-August-25
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting, Access Bypass

Description

The Admin Toolbar (admin_toolbar) module extends the default toolbar provided by Drupal Core with various features facilitating day-to-day editorial and administrative work.

The Admin Toolbar Search sub-module of this module

Read More

How to install Devel and Kint on Drupal 9

How to properly setup Devel and Kint on Drupal 9?

I was recently setting up my local development environment for a new Drupal 9 project and despite abundance of documentation, couldn't get the Devel and Kint properly working at once. And because most of tutorials found online on the subject turned out to be buggy, outdated and/or obsolete, for posterity reasons I decided to log the installation steps that worked for me.

#TL;DR
drush pmu kint
composer require drupal/devel kint-php/kint
drush en devel
Read More

Pages