DRUPAL-SA-CORE-2009-007

Author: Ryan Rix
Date:  
To: Main PLUG discussion list
Subject: DRUPAL-SA-CORE-2009-007
Multiple issues, time for an update, all you Drupal users!

Cross-site scripting

The Forum module does not correctly handle certain arguments obtained from the
URL. By enticing a suitably privileged user to visit a specially crafted URL,
a malicious user is able to insert arbitrary HTML and script code into forum
pages. Such a cross-site scripting attack may lead to the malicious user
gaining administrative access. Wikipedia has more information about cross-site
scripting (XSS).

This issue affects Drupal 6.x only.

http://drupal.org/node/507572

Ryan
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss