FreeBSD : Drupal Views plugin -- XSS (ff8b419a-0ffa-11e0-becc-0022156e8794)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal security team reports :

The Views module provides a flexible method for Drupal site designers
to control how lists and tables of content are presented. Under
certain circumstances, Views could display parts of the page path
without escaping, resulting in a reflected Cross Site Scripting (XSS)
vulnerability. An attacker could exploit this to gain full
administrative access.

Mitigating factors: This vulnerability only occurs with a specific
combination of configuration options for a specific View, but this
combination is used in the default Views provided by some additional
modules. A malicious user would need to get an authenticated
administrative user to visit a specially crafted URL.

See also :

http://drupal.org/node/999380
http://www.nessus.org/u?6a5c375c

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51387

Bugtraq ID:

CVE ID: CVE-2010-4521
