LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

drupal6-ctools: cross-site scripting

Package(s):drupal6-ctools CVE #(s):CVE-2012-5559
Created:December 19, 2012 Updated:December 19, 2012
Description:

From the Red Hat bugzilla entry:

The Chaos tool suite is primarily a set of APIs and tools to improve the developer experience. The page manager node view task does not sufficiently escape node titles when setting the page title, allowing XSS. This vulnerability is partially [mitigated] by the node task being disabled by default and limited to users that have the ability to submit or edit nodes.

Alerts:
Fedora FEDORA-2012-19464 2012-12-13
Fedora FEDORA-2012-19449 2012-12-13
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds