FreeBSD : drupal -- multiple vulnerabilities (6da7344b-128a-11db-b25f-00e00c69a70d)
Low Nessus Plugin ID 22052
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Drupal team reports :
Vulnerability: XSS Vulnerability in taxonomy module
It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
SolutionUpdate the affected package.