FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal Team reports :

A reflected cross-site scripting vulnerability was discovered in
Drupal's error handler. Drupal displays PHP errors in the messages
area, and a specially crafted URL can cause malicious scripts to be
injected into the message. The issue can be mitigated by disabling
on-screen error display at admin / settings / error-reporting. This is
the recommended setting for production sites.

When using re-colorable themes, color inputs are not sanitized.
Malicious color values can be used to insert arbitrary CSS and script
code. Successful exploitation requires the 'Administer themes'

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 54838

Bugtraq ID:

