In association with heise online

20 October 2006, 15:02

Security update for CMS Drupal

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

New versions of Drupal, an open source content management system, are intended to remove three errors through which attackers could sneak arbitrary JavaScript code on to users' systems. The cross-site scripting vulnerability is related to a hole in the XML parser as well as the aggregator, profile, und forum modules. Attackers could spy on user data, among other actions. The flaw has been removed in version 4.6.10 and 4.7.4. The developers are also releasing patches. These remove not only the XSS vulnerabilities, but also several not-security related flaws.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit