Dylan Wilder-Tack

**Name of the Vulnerable Software and Affected Versions** Drupal FAQ Ask module versions 5.x through 6.x before 6.x-2.0 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content. **Recommendations** For versions 5.x through 6.x before 6.x-2.0, update to version 6.x-2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Taxonomy Timer module versions 5.x-1.8 and earlier Drupal Taxonomy Timer module versions 6.x-alpha1 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 5.x-1.8 and earlier, update to a version later than 5.x-1.8. For versions 6.x-alpha1 and earlier, update to a version later than 6.x-alpha1.

**Name of the Vulnerable Software and Affected Versions** Printfriendly module versions prior to 6.x-1.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 6.x-1.6, update the Printfriendly module to version 6.x-1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Simplenews Statistics versions prior to 6.x-2.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 6.x-2.0, update to version 6.x-2.0 or later to resolve the issue.