Multiple issues, time for an update, all you Drupal users!
Cross-site scripting
The Forum module does not correctly handle certain arguments obtained from the
URL. By enticing a suitably privileged user to visit a specially crafted URL,
a malicious user is able to insert arbitrary HTML and script code into forum
pages. Such a cross-site scripting attack may lead to the malicious user
gaining administrative access. Wikipedia has more information about cross-site
scripting (XSS).
This issue affects Drupal 6.x only
http://drupal.org/node/507572
Ryan
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)