WE don't run forums on the PLUG site Ryan.

There are a great many exploits in all manner of Drupal 4,5,6 modules and we
fairly well know them for the PLUG site.


On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <phrkonaleash@gmail.com> wrote:

> Multiple issues, time for an update, all you Drupal users!
>
> Cross-site scripting
>
> The Forum module does not correctly handle certain arguments obtained from
> the
> URL. By enticing a suitably privileged user to visit a specially crafted
> URL,
> a malicious user is able to insert arbitrary HTML and script code into
> forum
> pages. Such a cross-site scripting attack may lead to the malicious user
> gaining administrative access. Wikipedia has more information about
> cross-site
> scripting (XSS).
>
> This issue affects Drupal 6.x only
>
> http://drupal.org/node/507572
>
> Ryan
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
(623)239-3392 Skype: obn0sis
(503)754-4452 www.obnosis.com