FreeBSD : drupal -- Multiple XSS vulnerabilities (1f5b711b-3d0e-11dc-b3d3-0016179b2dd5)

Severity: High | Nessus Plugin ID: 25803


The remote FreeBSD host is missing one or more security-related updates.


The Drupal Project reports:

Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website.

Custom content type names are not escaped consistently. A malicious user with the 'administer content types' permission would be able to inject and execute arbitrary HTML and script code on the website.
Revoking the 'administer content types' permission provides an immediate workaround.


Update the affected packages.

Plugin Details

Severity: High

ID: 25803

File Name: freebsd_pkg_1f5b711b3d0e11dcb3d30016179b2dd5.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2007/07/30

Modified: 2014/08/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal4, p-cpe:/a:freebsd:freebsd:drupal5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2007/07/28

Vulnerability Publication Date: 2007/07/26

Reference Information

Secunia: 26224