Ide Braakman

**Name of the Vulnerable Software and Affected Versions** Drupal Simple multi step form versions prior to 2.0.0 **Description** A flaw exists in Drupal Simple multi step form that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Drupal Simple multi step form to version 2.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Stage File Proxy versions 0.0.0 through 3.1.4 **Description** The issue is related to the allocation of resources without limits or throttling in Drupal Stage File Proxy, allowing flooding. **Recommendations** For versions 0.0.0 through 3.1.4, update to version 3.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Entity Form Steps versions 0.0.0 through 1.1.3 **Description** The issue is related to improper neutralization of input during web page generation, allowing for Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to conduct XSS attacks. **Recommendations** For versions 0.0.0 through 1.1.3, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Entity Form Steps module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** View Password versions 0.0.0 through 6.0.4 **Description** The issue is related to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to perform XSS attacks. **Recommendations** For versions 0.0.0 through 6.0.4, update to a version later than 6.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the View Password module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Two-factor Authentication (TFA) versions 0.0.0 through 1.5.0 **Description** The issue is related to a weak authentication vulnerability in the Two-factor Authentication (TFA) module for Drupal, which can be exploited to abuse authentication. This vulnerability is associated with weaknesses in the authentication procedure, allowing a remote attacker to bypass security restrictions. **Recommendations** For versions 0.0.0 through 1.5.0, update to a version that includes a fix for this issue to prevent authentication abuse. As a temporary workaround, consider restricting access to the Two-factor Authentication (TFA) module until a patch is available.