drupal -- multiple vulnerabilities

2008-12-11T00:00:00
ID 609C790E-CE0A-11DD-A721-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2010-05-02T00:00:00

Description

The Drupal Project reports:

The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.

When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross site scripting attacks when harmful tags are no longer stripped from 'malicious' content that was posted earlier.