Scoutnet vzw http://forum.scoutnet.be/ |
[Drupal] Security announcements: Live - XSS forgery http://forum.scoutnet.be/viewtopic.php?f=19&t=2090 |
Author: | To [ 20 Mar 2008 17:54 ] |
Title: | [Drupal] Security announcements: Live - XSS forgery |
------------SA-2008-021 - LIVE - CROSS SITE REQUEST FORGERY------------

  * Advisory ID: DRUPAL-SA-2008-021
  * Project: Live (third-party module)
  * Version: 5.x
  * Date: 2008-March-23
  * Security risk: Moderately critical
  * Exploitable from: Remote
  * Vulnerability: Cross site request forgery

------------DESCRIPTION------------

The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site.

------------VERSIONS AFFECTED------------

  * Live for Drupal 5.x before Live 5.x-0.1

Drupal core is not affected. If you do not use the contributed Live module, there is nothing you need to do.

------------SOLUTION------------

Install the latest version:

  * Upgrade to Live 5.x-0.1 [ http://drupal.org/node/236609 ].

See also the Live project page [ http://drupal.org/project/live ].

------------REPORTED BY------------

The Drupal Security Team.

------------CONTACT------------

The security contact for Drupal can be reached via email at security at drupal.org or via the form at [ http://drupal.org/contact ].
All times are UTC + 1 hour |