Application: Drupal
Affected Version: versions prior to 5.x-1.7 and 6.x-1.0-rc1.
Vendor’s URL: Advertisement Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.7 or 6.x-1.0-rc1.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: version 5.x-2.5 and other versions.
Vendor’s URL: Link Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Grant the “administer content types” privilege to trusted users only.
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: versions prior to 5.x-1.3 and 6.x-1.4.
Vendor’s URL: Views Bulk Operations Module
Bug Type: Cross Site Scripting
Risk Level: Critical
Solution:
Update to version 5.x-1.3 or 6.x-1.4.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: version 5.x-2.2 and other versions.
Vendor’s URL: ImageField Module
Bug Type: System access
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised and verified.
Content Management, File Inclusion
Application: Joomla!
Affected Version:
Vendor’s URL: WebAmoeba Ticket System Component
Bug Type: SQL Injection
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Joomla!
Affected Version: version 5.0 and other versions.
Vendor’s URL: BazaarBuilder Shopping Cart
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, E-Commerce, SQL Injection
Application: osCommerce
Affected Version: version 2.2 Release Candidate 2a
Vendor’s URL: osCommerce
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Do not visit untrusted sites while logged in to the application.
Cross Site Scripting, E-Commerce
Application: Coppermine
Affected Version: version 1.4.19 and other versions.
Vendor’s URL: Photo Gallery
Bug Type: Security Bypass
Risk Level: Critical
Solution:
Update to version 1.4.20.
Access Bypass, Image Galleries