FreeBSD : drupal -- multiple XSS (751823d4-f189-11de-9344-00248c9b4be7)

low Nessus Plugin ID 43596

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Drupal Team reports:

The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

The Menu module does not correctly handle certain user input when displaying the menu administration overview. Users privileged to create new menus can insert arbitrary HTML and script code into the menu module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access.

Solution

Update the affected packages.

See Also

http://drupal.org/node/661586

http://www.nessus.org/u?8acabb0c

Plugin Details

Severity: Low

ID: 43596

File Name: freebsd_pkg_751823d4f18911de934400248c9b4be7.nasl

Version: 1.12

Type: local

Published: 12/27/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal5, p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/25/2009

Vulnerability Publication Date: 12/16/2009

Reference Information

CVE: CVE-2009-4370

CWE: 79