|
|
Log in / Subscribe / Register

drupal-date: cross site scripting

Package(s):drupal-date CVE #(s):
Created:July 31, 2009 Updated:September 21, 2009
Description: From the Fedora advisory: The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools sub-module, or the 'administer content types' permission could attempt a cross site scripting [1] (XSS) attack when creating a new content type, leading to the user gaining full administrative access.
Alerts:
Fedora FEDORA-2009-9754 drupal-date 2009-09-18
Fedora FEDORA-2009-9736 drupal-date 2009-09-18
Fedora FEDORA-2009-8184 drupal-date 2009-07-31
Fedora FEDORA-2009-8162 drupal-date 2009-07-31
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds