2 matches found
CVE-2009-3206
CVE-2009-3206 describes multiple cross-site scripting (XSS) vulnerabilities in the Drupal ImageCache module, affecting 5.x versions prior to 5.x-2.5 and 6.x prior to 6.x-2.0-beta10. The flaws allow remote authenticated users with the "administer imagecache" permission to inject arbitrary web scri...
CVE-2009-3207
CVE-2009-3207 affects Drupal’s ImageCache module (5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10). The root cause is improper access control for derivative images when the private file system is used, allowing remote attackers to view arbitrary images by crafting a request that specifies an ima...