FreeBSD : drupal -- XSS (register_globals) (f0fa19dd-c060-11dc-982e-001372fd0af2)
Low Nessus Plugin ID 29952
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Drupal Project reports:
When theme .tpl.php files are accessible via the web and the PHP setting register_globals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links.
Drupal's .htaccess attempts to set register_globals to disabled and also prevents access to .tpl.php files. Only when both these measures are not effective and your PHP interpreter is configured with register_globals set to enabled, will this issue affect you.
Solution
Update the affected packages.