João Ventura

**Name of the Vulnerable Software and Affected Versions** Two-factor Authentication (TFA) versions 0.0.0 through 1.5.0 **Description** The issue is related to a weak authentication vulnerability in the Two-factor Authentication (TFA) module for Drupal, which can be exploited to abuse authentication. This vulnerability is associated with weaknesses in the authentication procedure, allowing a remote attacker to bypass security restrictions. **Recommendations** For versions 0.0.0 through 1.5.0, update to a version that includes a fix for this issue to prevent authentication abuse. As a temporary workaround, consider restricting access to the Two-factor Authentication (TFA) module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Drupal module "Printer, e-mail and PDF versions" versions 5.x before 5.x-4.4 Drupal module "Printer, e-mail and PDF versions" versions 6.x before 6.x-1.4 **Description** A cross-site scripting (XSS) issue exists in the Send by e-mail module, allowing remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail. **Recommendations** For versions 5.x before 5.x-4.4, update to version 5.x-4.4 or later. For versions 6.x before 6.x-1.4, update to version 6.x-1.4 or later.