4 matches found
Debian DSA-1930-1 : drupal6 - several vulnerabilities
Several vulnerabilities have been found in drupal6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled. It is possible for...
[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1930-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 07, 2009 http://www.debian.org/security/faq -...
FreeBSD Ports: drupal5
The remote host is missing an update to the system as announced in the referenced advisory. VID be927298-6f97-11de-b444-001372fd0af2 OpenVAS Vulnerability Test $ Description: Auto generated from VID be927298-6f97-11de-b444-001372fd0af2 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CVE-2009-2372
CVE-2009-2372 affects Drupal 6.x prior to 6.13, where remote authenticated users could inject arbitrary HTML/JS (and possibly PHP) through crafted user signatures after the comment input format was changed to an administrator-controlled format. The issue arises from how user signatures are proces...