Greggles

**Name of the Vulnerable Software and Affected Versions** Drupal SVG Sanitizer module versions prior to 8.x-1.0-alpha1 **Description** A Denial Of Service issue exists due to mishandled access to external resources with an SVG use element. **Recommendations** For versions prior to 8.x-1.0-alpha1, update to a version that fixes the issue to prevent Denial Of Service.

**Name of the Vulnerable Software and Affected Versions** Userpoints module for Drupal versions 4.7.x before 4.7.x-2.3 Userpoints module for Drupal versions 5.x-2 before 5.x-2.16 Userpoints module for Drupal versions 5.x-3 before 5.x-3.3 **Description** The issue concerns the point moderation form in the Userpoints module for Drupal, which does not adhere to Drupal's Forms API submission model. This allows remote attackers to conduct cross-site request forgery (CSRF) attacks, enabling them to manipulate points. **Recommendations** For Userpoints module for Drupal version 4.7.x, update to version 4.7.x-2.3 or later. For Userpoints module for Drupal version 5.x-2, update to version 5.x-2.16 or later. For Userpoints module for Drupal version 5.x-3, update to version 5.x-3.3 or later.