DRUPAL-SA-CORE-2009-007

Ryan Rix phrkonaleash at gmail.com
Mon Jul 6 10:43:43 MST 2009


Multiple issues, time for an update, all you Drupal users!

Cross-site scripting

The Forum module does not correctly handle certain arguments obtained from the 
URL. By enticing a suitably privileged user to visit a specially crafted URL, 
a malicious user is able to insert arbitrary HTML and script code into forum 
pages. Such a cross-site scripting attack may lead to the malicious user 
gaining administrative access. Wikipedia has more information about cross-site 
scripting (XSS).

This issue affects Drupal 6.x only.

http://drupal.org/node/507572

Ryan

