Securityvulns, SECURITYVULNS:DOC:11802
Mar 14, 2006

[DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue

Drupal security advisory DRUPAL-SA-2006-002

Advisory ID: DRUPAL-SA-2006-002
Project: Drupal core
Date: 2006-03-13
Security risk: less critical
Impact: cross-site scripting
Where: from remote
Vulnerability: cross-site scripting

Description

Some user input sanity checking was missing. This could lead to
cross-site scripting (XSS) attacks.

XSS can lead to user tracking and theft of accounts and services.

Versions affected

All Drupal versions before 4.6.6.

Solution

If you are running Drupal 4.5.x then upgrade to Drupal 4.5.8.
If you are running Drupal 4.6.x then upgrade to Drupal 4.6.6.

Contact

The security contact for Drupal can be reached at [email protected]
or using the form at http://drupal.org/contact.
More information is available from http://drupal.org/security or from
our security RSS feed http://drupal.org/security/rss.xml.

// Uwe Hermann, on behalf of the Drupal Security Team.

Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org