WE don&#39;t run forums on the PLUG site Ryan.<br><br>There are a great many exploits in all manner of Drupal 4,5,6 modules and we fairly well know them for the PLUG site.<br><br><br><div class="gmail_quote">On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <span dir="ltr">&lt;<a href="mailto:phrkonaleash@gmail.com">phrkonaleash@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Multiple issues, time for an update, all you Drupal users!<br>
<br>
Cross-site scripting<br>
<br>
The Forum module does not correctly handle certain arguments obtained from the<br>
URL. By enticing a suitably privileged user to visit a specially crafted URL,<br>
a malicious user is able to insert arbitrary HTML and script code into forum<br>
pages. Such a cross-site scripting attack may lead to the malicious user<br>
gaining administrative access. Wikipedia has more information about cross-site<br>
scripting (XSS).<br>
<br>
This issue affects Drupal 6.x only<br>
<br>
<a href="http://drupal.org/node/507572" target="_blank">http://drupal.org/node/507572</a><br>
<br>
Ryan<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>(623)239-3392 Skype: obn0sis<br>(503)754-4452 <a href="http://www.obnosis.com">www.obnosis.com</a><br><br><br><br><br><br>