Stéphane Corlosquet

**Name of the Vulnerable Software and Affected Versions** Drupal Webform report module versions 5.x through 6.x **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a submission. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions 5.x and 6.x, update the Webform report module to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dex versions 5.x-1.0 and earlier Dex versions 6.x-1.0-rc1 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For Dex versions 5.x-1.0 and earlier, update to a version later than 5.x-1.0. For Dex versions 6.x-1.0-rc1 and earlier, update to a version later than 6.x-1.0-rc1.

**Name of the Vulnerable Software and Affected Versions** Drupal Node Browser module (affected versions not specified) **Description** The issue involves multiple unspecified vulnerabilities in the Node Browser module for Drupal, with unknown impact and attack vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Drupal (affected versions not specified) **Description** The issue concerns multiple unspecified vulnerabilities in the quota by role module for Drupal. The impact and attack vectors of these vulnerabilities are unknown. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** E-Publish versions 5.x through 5.x-1.1 E-Publish versions 6.x through 6.x-1.0 beta1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For E-Publish versions 5.x through 5.x-1.1, update to version 5.x-1.1 or later. For E-Publish versions 6.x through 6.x-1.0 beta1, update to version 6.x-1.0 beta1 or later.

**Name of the Vulnerable Software and Affected Versions** E-Publish versions 5.x before 5.x-1.1 E-Publish versions 6.x before 6.x-1.0 beta1 **Description** A cross-site request forgery issue allows remote attackers to perform unauthorized actions as other users via unspecified vectors. **Recommendations** For E-Publish versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later. For E-Publish versions 6.x before 6.x-1.0 beta1, update to version 6.x-1.0 beta1 or later.

**Name of the Vulnerable Software and Affected Versions** BUEditor versions 4.7.x through 4.7.x-1.0 BUEditor versions 5.x through 5.x-1.1 **Description** The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces due to the editor deletion form not following Drupal's Forms API submission model. **Recommendations** For BUEditor versions 4.7.x through 4.7.x-1.0, update to version 4.7.x-1.0 or later. For BUEditor versions 5.x through 5.x-1.1, update to version 5.x-1.1 or later.