FreeBSD : drupal -- Multiple XSS vulnerabilities (1f5b711b-3d0e-11dc-b3d3-0016179b2dd5)

high Nessus Plugin ID 25803

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Drupal Project reports:

Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website.

Custom content type names are not escaped consistently. A malicious user with the 'administer content types' permission would be able to inject and execute arbitrary HTML and script code on the website. Revoking the 'administer content types' permission provides an immediate workaround.

Solution

Update the affected packages.

See Also

http://drupal.org/node/162361

http://www.nessus.org/u?f60bc1c1

Plugin Details

Severity: High

ID: 25803

File Name: freebsd_pkg_1f5b711b3d0e11dcb3d30016179b2dd5.nasl

Version: 1.14

Type: local

Published: 7/30/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal4, p-cpe:/a:freebsd:freebsd:drupal5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/28/2007

Vulnerability Publication Date: 7/26/2007

Reference Information

Secunia: 26224