Debian Linux Security Advisory 2776-1 - Multiple vulnerabilities have been been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.
45a72bfd68d855596936144a4be64a54d8096cdaf8020e5dd7667dc60a77524eMandriva Linux Security Advisory 2013-074 - Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted strings. This vulnerability is mitigated by the fact that users must have the ability to post content sent to the filter system such as a role with the post comments or Forum topic: Create new content permission. Drupal core's Form API allows users to set a destination, but failed to validate that the URL was internal to the site. Various other issues were also addressed.
305565fad63e2c490bf4982c07542b89e5b1bdde6be00766a998df8012622803
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed