|Created:||April 1, 2013||Updated:||April 3, 2013|
|Description:||From the Drupal advisory:
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented.
The module incorrectly prints some view configuration fields without proper sanitization opening a Cross-Site Scripting vulnerability.
The vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer vocabularies and terms" or other administer-related permissions from contributed modules that integrate with Views.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds