Jakob P

**Name of the Vulnerable Software and Affected Versions** Drupal Automated Logout versions 0.0.0 through 1.6.9 Drupal Automated Logout versions 2.0.0 through 2.0.1 **Description** The Automated Logout module for Drupal does not adequately protect its routes against Cross-Site Request Forgery (CSRF). This allows an attacker to trigger the logout route without the user’s knowledge or consent. The module is designed to allow site administrators to log users out after a period of inactivity. **Recommendations** Update Drupal Automated Logout to version 1.7.0 or later. Update Drupal Automated Logout to version 2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 **Description** A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on subsequent submissions if they first successfully solve at least one CAPTCHA manually to obtain valid tokens. **Recommendations** Update Drupal CAPTCHA to version 1.17.0 or later. Update Drupal CAPTCHA to version 2.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Acquia DAM versions 0.0.0 through 1.1.4 **Description** A missing authorization issue exists in Drupal Acquia DAM, allowing for forceful browsing. This allows unauthorized access to resources. **Recommendations** Update Acquia DAM to version 1.1.5 or later.

Name of the Vulnerable Software and Affected Versions: Drupal Panels versions 0.0.0 through 4.9.0 Description: The issue affects Drupal Panels due to missing authentication for a critical function, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 0.0.0 through 4.9.0, update to version 4.9.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Google Tag versions 0.0.0 through 1.7.x Drupal Google Tag versions 2.0.0 through 2.0.7 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Cross-Site Scripting (XSS) attacks. **Recommendations** For versions 0.0.0 through 1.7.x, update to version 1.8.0 or later. For versions 2.0.0 through 2.0.7, update to version 2.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Google Tag versions 0.0.0 through 1.7.x Drupal Google Tag versions 2.0.0 through 2.0.7 **Description** A Cross-Site Request Forgery (CSRF) issue affects the Drupal Google Tag module, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited to perform actions without the user's knowledge or consent. **Recommendations** For versions 0.0.0 through 1.7.x, update to version 1.8.0 or later. For versions 2.0.0 through 2.0.7, update to version 2.0.8 or later.