drupal
Page content
- Author: Miklos Vajna
- Vulnerable: 5.12-1solaria1
- Unaffected: 5.13-1solaria1
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.
-
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain operations (e.g. execute old updates) when a logged-in superuser visits a malicious web site.
-
The application does not completely remove deleted input formats. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
- Bug Tracker URL: http://bugs.frugalware.org/task/3512
CVEs:
- No CVE, see http://drupal.org/node/345441.