Re: DRUPAL-SA-CORE-2009-007

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMLisa Kachold at <-
MRyan Rix at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Stephen
Date:  
To: Main PLUG discussion list
Subject: Re: DRUPAL-SA-CORE-2009-007
i think this is for all the others of us running drupal as much as for
the plug drupal

but both bits of info was great.

On Mon, Jul 6, 2009 at 1:20 PM, Lisa Kachold<> wrote:
> WE don't run forums on the PLUG site Ryan.
>
> There are a great many exploits in all manner of Drupal 4,5,6 modules and we
> fairly well know them for the PLUG site.
>
>
> On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <> wrote:
>>
>> Multiple issues, time for an update, all you Drupal users!
>>
>> Cross-site scripting
>>
>> The Forum module does not correctly handle certain arguments obtained from
>> the
>> URL. By enticing a suitably privileged user to visit a specially crafted
>> URL,
>> a malicious user is able to insert arbitrary HTML and script code into
>> forum
>> pages. Such a cross-site scripting attack may lead to the malicious user
>> gaining administrative access. Wikipedia has more information about
>> cross-site
>> scripting (XSS).
>>
>> This issue affects Drupal 6.x only
>>
>> http://drupal.org/node/507572
>>
>> Ryan
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> (623)239-3392 Skype: obn0sis
> (503)754-4452 www.obnosis.com
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: DRUPAL-SA-CORE-2009-007Re: Series 2 Tivo Setup Help PLEASE->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)