User: Password:
Subscribe / Log in / New account

drupal7-views: cross-site scripting

Package(s):drupal7-views CVE #(s):CVE-2013-1887
Created:April 1, 2013 Updated:April 3, 2013
Description: From the Drupal advisory:

The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented.

The module incorrectly prints some view configuration fields without proper sanitization opening a Cross-Site Scripting vulnerability.

The vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer vocabularies and terms" or other administer-related permissions from contributed modules that integrate with Views.

Fedora FEDORA-2013-4134 drupal7-views 2013-03-30
Fedora FEDORA-2013-4215 drupal7-views 2013-03-30

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds