FreeBSD : Drupal Views plugin -- XSS (ff8b419a-0ffa-11e0-becc-0022156e8794)

Medium Nessus Plugin ID 51387


The remote FreeBSD host is missing a security-related update.


Drupal security team reports :

The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting (XSS) vulnerability. An attacker could exploit this to gain full administrative access.

Mitigating factors: This vulnerability only occurs with a specific combination of configuration options for a specific View, but this combination is used in the default Views provided by some additional modules. A malicious user would need to get an authenticated administrative user to visit a specially crafted URL.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 51387

File Name: freebsd_pkg_ff8b419a0ffa11e0becc0022156e8794.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2010/12/29

Modified: 2014/08/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal6-views, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/12/28

Vulnerability Publication Date: 2010/12/15

Reference Information

CVE: CVE-2010-4521