FreeBSD : drupal -- multiple vulnerabilities (609c790e-ce0a-11dd-a721-0030843d3802)
Medium Nessus Plugin ID 35242
Synopsis: The remote FreeBSD host is missing one or more security-related updates.
Description: The Drupal Project reports:
The update system is vulnerable to Cross site request forgeries.
Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.
When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross site scripting attacks when harmful tags are no longer stripped from 'malicious' content that was posted earlier.
Solution: Update the affected packages.