The version of Drupal installed on the remote server is 7.x prior to 7.19, and is affected by the following vulnerabilities :
- A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input during DOM element selection. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2013-0244)
- A flaw in the Printer Friendly Version book module may lead to unauthorized disclosure of potentially sensitive information from an arbitrary node. No further details have been provided. (CVE-2013-0245)
- A flaw exists in the Image module due to the program failing to properly give permissions to derivative images. Under certain circumstances, a remote attacker can gain access to derivative images that do not inherit the permissions of the program. (CVE-2013-0246)