Categories

Applications (244)
Blogs (7)
Content Management (158)
Customer Relationship (4)
Discussion Boards (35)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (357)
Access Bypass (53)
Cross Site Scripting (134)
Denial Of Service (2)
File Inclusion (53)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (137)
« vbDrupal SQL Injection and XSS
Drupal OpenID Module XSS »

Drupal XSS

Published by TL Guan July 17th, 2008 in Content Management and Cross Site Scripting.

Application: Drupal
Affected Version: version 5.x and 6.x.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to the latest versions or apply patch for version 5.7 or 6.2.

Drupal 5.x:
Update to version 5.8.
http://ftp.drupal.org/files/projects/drupal-5.8.tar.gz

Drupal 6.x
Update to version 6.3.
http://ftp.drupal.org/files/projects/drupal-6.3.tar.gz

Drupal 5.7:
Apply patch.
http://drupal.org/files/sa-2008-044/SA-2008-044-5.7.patch

Drupal 6.2:
Apply patch.
http://drupal.org/files/sa-2008-044/SA-2008-044-6.2.patch

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional