------------SA-2008-021 - LIVE - CROSS SITE REQUEST FORGERY------------
* Advisory ID: DRUPAL-SA-2008-021
* Project: Live (third-party module)
* Version: 5.x
* Date: 2008-March-23
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross site request forgery
------------DESCRIPTION------------
The contributed module Live provides previews of content items while typing them.
Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site.
------------VERSIONS AFFECTED------------
* Live for Drupal 5.x before Live 5.x-0.1
Drupal core is not affected. If you do not use the contributed Live module, there is nothing you need to do.
------------SOLUTION------------
Install the latest version:
* Upgrade to Live 5.x-0.1 [
http://drupal.org/node/236609 ].
See also the Live project page [
http://drupal.org/project/live ].
------------REPORTED BY------------
The Drupal Security Team.
------------CONTACT------------
The security contact for Drupal can be reached via email at security at drupal.org or via the form at [
http://drupal.org/contact ].