| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Weblinks - XSS http://forum.scoutnet.be/viewtopic.php?f=19&t=1978 |
Pagina 1 van 1 |
| Auteur: | To [ 20 Okt 2007 13:17 ] |
| Titel: | [Drupal] Security announcements: Weblinks - XSS |
------------SA-2007-028 - WEBLINKS - CROSS SITE SCRIPTING ------------ * Advisory ID: DRUPAL-SA-2007-028 * Project: Weblinks (third-party module) * Version: 4.7.x, 5.x * Date: 2007-October-17 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Cross site scripting ------------DESCRIPTION------------ User input is not properly sanitized on a number of pages. This allows malicious users to inject arbitrary HTML and script code into these pages, which may lead to administrator access if certain conditions are met. Learn more about cross site scripting on Wikipedia [ http://en.wikipedia.org/wiki/Cross_site_scripting ]. ------------VERSIONS AFFECTED------------ * Weblinks for Drupal 4.7.x before Weblinks 4.7.x-1.0. * Weblinks for Drupal 5.x before Weblinks 5.x-1.8. Drupal core is not affected. If you do not use the contributed Weblinks module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * If you use Drupal 4.7.x upgrade to Weblinks 4.7.x-1.0 [ http://drupal.org/node/184021 ]. * If you use Drupal 5.x upgrade to Weblinks 5.x-1.8 [ http://drupal.org/node/184020 ]. See also the Weblinks project page [ http://drupal.org/project/weblinks ]. ------------REPORTED BY------------ The Weblinks module maintainer Brandon Bergren (Bdragon [ http://drupal.org/user/53081 ]). ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|