FreeBSD : Drupal Views plugin -- XSS (ff8b419a-0ffa-11e0-becc-0022156e8794)

medium Nessus Plugin ID 51387

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Drupal security team reports:

The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a reflected Cross Site Scripting (XSS) vulnerability. An attacker could exploit this to gain full administrative access.

Mitigating factors: This vulnerability only occurs with a specific combination of configuration options for a specific View, but this combination is used in the default Views provided by some additional modules. A malicious user would need to get an authenticated administrative user to visit a specially crafted URL.

Solution

Update the affected package.

See Also

http://drupal.org/node/999380

http://www.nessus.org/u?3c5d09df

Plugin Details

Severity: Medium

ID: 51387

File Name: freebsd_pkg_ff8b419a0ffa11e0becc0022156e8794.nasl

Version: 1.9

Type: local

Published: 12/29/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal6-views, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/28/2010

Vulnerability Publication Date: 12/15/2010

Reference Information

CVE: CVE-2010-4521