This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Drupal Team reports :
A reflected cross site scripting vulnerability was discovered in
Drupal's error handler. Drupal displays PHP errors in the messages
area, and a specially crafted URL can cause malicious scripts to be
injected into the message. The issue can be mitigated by disabling
on-screen error display at admin / settings / error-reporting. This is
the recommended setting for production sites.
When using re-colorable themes, color inputs are not sanitized.
Malicious color values can be used to insert arbitrary CSS and script
code. Successful exploitation requires the 'Administer themes'
See also :
Update the affected package.
Risk factor :
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 54838 ()
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.