FreeBSD : drupal -- multiple XSS (751823d4-f189-11de-9344-00248c9b4be7)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Drupal Team reports :

The Contact module does not correctly handle certain user input when
displaying category information. Users privileged to create contact
categories can insert arbitrary HTML and script code into the contact
module administration page. Such a cross-site scripting attack may
lead to the malicious user gaining administrative access.

The Menu module does not correctly handle certain user input when
displaying the menu administration overview. Users privileged to
create new menus can insert arbitrary HTML and script code into the
menu module administration page. Such a cross-site scripting attack
may lead to the malicious user gaining administrative access.

See also :

http://drupal.org/node/661586
http://www.nessus.org/u?9c8d70d1

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 43596 (freebsd_pkg_751823d4f18911de934400248c9b4be7.nasl)

Bugtraq ID:

CVE ID: CVE-2009-4370
