FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- multiple vulnerabilities

Affected packages
drupal5 < 5.14
drupal6 < 6.8

Details

VuXML ID 609c790e-ce0a-11dd-a721-0030843d3802
Discovery 2008-12-11
Entry 2008-12-19
Modified 2010-05-02

The Drupal Project reports:

The update system is vulnerable to cross-site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.

When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross-site scripting attacks when harmful tags are no longer stripped from 'malicious' content that was posted earlier.
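The input-format issue reported above is a fail-open lookup: content that points at a deleted format gets no filter at all. The following is an added example, not code from Drupal or from this advisory; it is a constructed model in which the format ids, the fallback format and all function names are assumptions, showing the fail-open rendering beside a fail-closed one and an audit for orphaned content.

```php
<?php
// Added example: a constructed model of input-format handling, not Drupal's code.
// Format ids, function names and the fallback choice are assumptions.

const FALLBACK_FORMAT = 1; // assumed: the site's most restrictive format

// Constructed registry of formats still defined; format 2 has been deleted.
function formats(): array {
    return [
        1 => fn(string $t): string => htmlspecialchars($t, ENT_QUOTES, 'UTF-8'),
        3 => fn(string $t): string => strip_tags($t, '<p><em><strong>'),
    ];
}

// Fail-open: the behaviour the advisory describes. Content whose format
// no longer exists is emitted without any filtering.
function render_fail_open(array $node): string {
    $filter = formats()[$node['format']] ?? null;
    return $filter ? $filter($node['body']) : $node['body'];
}

// Fail-closed: an unknown format id resolves to the restrictive fallback,
// so stale content is escaped instead of passed through.
function render_fail_closed(array $node): string {
    $formats = formats();
    $id = array_key_exists($node['format'], $formats) ? $node['format'] : FALLBACK_FORMAT;
    return $formats[$id]($node['body']);
}

// Audit helper: ids of stored content that still reference a deleted format.
function orphaned_nids(array $nodes): array {
    $known = formats();
    $orphans = array_filter($nodes, fn(array $n): bool => !isset($known[$n['format']]));
    return array_column($orphans, 'nid');
}

// Constructed sample content; node 11 was saved under the now-deleted format 2.
$nodes = [
    ['nid' => 10, 'format' => 3, 'body' => '<p>hello <em>world</em></p>'],
    ['nid' => 11, 'format' => 2, 'body' => '<script>alert(1)</script>'],
];

foreach ($nodes as $n) {
    printf("nid %d open:   %s\n", $n['nid'], render_fail_open($n));
    printf("nid %d closed: %s\n", $n['nid'], render_fail_closed($n));
}
printf("orphaned: %s\n", implode(',', orphaned_nids($nodes)));
```

Node 11 comes back verbatim from the fail-open path and entity-escaped from the fail-closed path, and the audit reports it as the one item still bound to a deleted format.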

References

CVE Name CVE-2008-6533
URL http://drupal.org/node/345441
URL http://secunia.com/advisories/33112/