drupal7

2011-05-28

Page content

Author: Miklos Vajna
Vulnerable: 7.0-1
Unaffected: 7.2-1nexon1

A vulnerability and a security issue have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions.

An error in the Color module can be exploited to conduct script insertion attacks. For more information see vulnerability #2 in: FSA721.
A security issue in the File module (modules/file/file.module) in combination with restrictions via a node access module can be exploited to disclose private files.

Bug Tracker URL: http://bugs.frugalware.org/task/4498

CVEs:

No CVE, see http://drupal.org/node/1168756