DRUPAL-SA-CORE-2009-007
Lisa Kachold
lisakachold at obnosis.com
Mon Jul 6 13:20:39 MST 2009
WE don't run forums on the PLUG site Ryan.
There are a great many exploits in all manner of Drupal 4,5,6 modules and we
fairly well know them for the PLUG site.
On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <phrkonaleash at gmail.com> wrote:
> Multiple issues, time for an update, all you Drupal users!
>
> Cross-site scripting
>
> The Forum module does not correctly handle certain arguments obtained from
> the
> URL. By enticing a suitably privileged user to visit a specially crafted
> URL,
> a malicious user is able to insert arbitrary HTML and script code into
> forum
> pages. Such a cross-site scripting attack may lead to the malicious user
> gaining administrative access. Wikipedia has more information about
> cross-site
> scripting (XSS).
>
> This issue affects Drupal 6.x only
>
> http://drupal.org/node/507572
>
> Ryan
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
(623)239-3392 Skype: obn0sis
(503)754-4452 www.obnosis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090706/2aebfc75/attachment.htm
More information about the PLUG-discuss
mailing list