In association with heise online

11 July 2008, 13:33

Security update for Drupal CMS

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the Drupal CMS have released versions 5.8 and 6.3, which close cross-site scripting, cross-request forgery, and SQL injection holes. In particular, the OpenID module contains XSS vulnerabilities that attackers could exploit to steal login data. Users who cannot upgrade to the new versions are advised to install the patches for Drupal 5.7 or 6.2.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit