Drupal 7.x < 7.19 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 9725
Synopsis: The remote server is hosting an outdated installation of Drupal that is vulnerable to multiple attack vectors.
Description: The version of Drupal installed on the remote server is 7.x prior to 7.19, and is affected by the following vulnerabilities:
- A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input during DOM element selection. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2013-0244)
- A flaw in the Printer Friendly Version book module may lead to unauthorized disclosure of potentially sensitive information from an arbitrary node. No further details have been provided. (CVE-2013-0245)
- A flaw exists in the Image module because the program fails to properly apply permissions to derivative images. Under certain circumstances, a remote attacker can gain access to derivative images that do not inherit the permissions of the program. (CVE-2013-0246)
Solution: Upgrade to Drupal 7.19 or later.