Re: DRUPAL-SA-CORE-2009-007

Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: DRUPAL-SA-CORE-2009-007
We don't run forums on the PLUG site, Ryan.

There are a great many exploits in all manner of Drupal 4, 5, 6 modules and we
fairly well know them for the PLUG site.


On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <> wrote:

> Multiple issues, time for an update, all you Drupal users!
>
> Cross-site scripting
>
> The Forum module does not correctly handle certain arguments obtained from the
> URL. By enticing a suitably privileged user to visit a specially crafted URL,
> a malicious user is able to insert arbitrary HTML and script code into forum
> pages. Such a cross-site scripting attack may lead to the malicious user
> gaining administrative access. Wikipedia has more information about cross-site
> scripting (XSS).
>
> This issue affects Drupal 6.x only
>
> http://drupal.org/node/507572
>
> Ryan
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
(623)239-3392 Skype: obn0sis
(503)754-4452 www.obnosis.com