FreeBSD : drupal6-cck -- XSS (03d22656-2690-11de-8226-0030843d3802)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal CCK plugin developer reports :

The Node reference and User reference sub-modules, which are part of
the Content Construction Kit (CCK) project, let administrators define
node fields that are references to other nodes or to users. When
displaying a node edit form, the titles of candidate referenced nodes
or names of candidate referenced users are not properly filtered,
allowing malicious users to inject arbitrary code on those pages. Such
a cross-site scripting (XSS) attack may lead to a malicious user
gaining full administrative access.

See also :

http://drupal.org/node/406520
http://www.nessus.org/u?11381761

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36136 (freebsd_pkg_03d22656269011de82260030843d3802.nasl)

Bugtraq ID: 34172

CVE ID: CVE-2009-1069
