FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)

High Nessus Plugin ID 54838


The remote FreeBSD host is missing a security-related update.


Drupal Team reports :

A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen error display at admin / settings / error-reporting. This is the recommended setting for production sites.

When using re-colorable themes, color inputs are not sanitized.
Malicious color values can be used to insert arbitrary CSS and script code. Successful exploitation requires the 'Administer themes' permission.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 54838

File Name: freebsd_pkg_1acf9ec5877d11e0b937001372fd0af2.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2011/05/27

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2011/05/26

Vulnerability Publication Date: 2011/05/25