DRUPAL-SA-CORE-2009-007

Stephen cryptworks at gmail.com
Mon Jul 6 13:22:49 MST 2009


I think this is for all the others of us running Drupal as much as for
the PLUG Drupal.

But both bits of info were great.

On Mon, Jul 6, 2009 at 1:20 PM, Lisa Kachold<lisakachold at obnosis.com> wrote:
> WE don't run forums on the PLUG site, Ryan.
>
> There are a great many exploits in all manner of Drupal 4, 5, 6 modules and we
> fairly well know them for the PLUG site.
>
>
> On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <phrkonaleash at gmail.com> wrote:
>>
>> Multiple issues, time for an update, all you Drupal users!
>>
>> Cross-site scripting
>>
>> The Forum module does not correctly handle certain arguments obtained from
>> the URL. By enticing a suitably privileged user to visit a specially crafted
>> URL, a malicious user is able to insert arbitrary HTML and script code into
>> forum pages. Such a cross-site scripting attack may lead to the malicious
>> user gaining administrative access. Wikipedia has more information about
>> cross-site scripting (XSS).
>>
>> This issue affects Drupal 6.x only
>>
>> http://drupal.org/node/507572
>>
>> Ryan
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> (623)239-3392 Skype: obn0sis
> (503)754-4452 www.obnosis.com



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

