Type: osv
Source: Google
ID: OSV:DSA-958-1
History: Jan 27, 2006 - 12:00 a.m.

drupal - several

2006-01-27 00:00:00
Google
osv.dev

CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N)

  Access Vector:          NETWORK
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       PARTIAL
  Availability Impact:    NONE

EPSS: 0.094 Low (Percentile: 93.9%)

Several security-related problems have been discovered in drupal, a
fully-featured content management/discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

  • CVE-2005-3973
    Several cross-site scripting vulnerabilities allow remote
    attackers to inject arbitrary web script or HTML.
  • CVE-2005-3974
    When running on PHP5, Drupal does not correctly enforce user
    privileges, which allows remote attackers to bypass the “access
    user profiles” permission.
  • CVE-2005-3975
    An interpretation conflict allows remote authenticated users to
    inject arbitrary web script or HTML via HTML in a file with a GIF
    or JPEG file extension.

The old stable distribution (woody) does not contain drupal packages.

For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-5.

For the unstable distribution (sid) these problems have been fixed in
version 4.5.6-1.

We recommend that you upgrade your drupal package.

CPE Name   Operator   Version
drupal     eq         4.5.3-2
drupal     eq         4.5.3-3
drupal     eq         4.5.3-4
