FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)
High Nessus Plugin ID 54838
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionDrupal Team reports :
A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen error display at admin / settings / error-reporting. This is the recommended setting for production sites.
When using re-colorable themes, color inputs are not sanitized.
Malicious color values can be used to insert arbitrary CSS and script code. Successful exploitation requires the 'Administer themes' permission.
SolutionUpdate the affected package.