Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities

Published: 2010-03-09 21:32:06

CVSS Base Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Recommendations:
Updates are available. Please see the references for details.

Summary:
Drupal is prone to multiple vulnerabilities, including cross-site scripting issues, a phishing issue, and a security-bypass issue.

Impact:
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions, or perform other attacks.

Affected Versions:
Drupal 5.x prior to 5.22
Drupal 6.x prior to 6.16

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/38545

References:

http://www.securityfocus.com/bid/38545
http://drupal.org
http://drupal.org/node/731710

Severity:
Medium

CVSS Score:
4.3
