| Field | Value |
|---|---|
| Test ID | 1.3.6.1.4.1.25623.1.0.800908 |
| Category | Web application abuses |
| Title | Drupal XSS and Code Injection Vulnerability |
| Summary | The host is installed with Drupal and is prone to Cross Site Scripting and Remote Code Injection vulnerabilities. |
| Vulnerability Insight | Multiple flaws arise because: (1) users can modify user signatures after the associated comment format is changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary code via a crafted user signature; (2) input passed via unspecified vectors in the Forum module is not properly sanitised before being returned to the user. |
| Vulnerability Impact | Attackers can exploit these issues to conduct script insertion attacks and to inject and execute arbitrary PHP, HTML and script code. |
| Affected Software/OS | Drupal version 6.x before 6.13 on all platforms. |
| Solution | Upgrade to Drupal 6.13 or later. |
| CVSS Score | 6.5 |
| CVSS Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Cross-references | BugTraq ID: 35548; CVE-2009-2372: http://osvdb.org/55525, http://www.securitytracker.com/id?1022497, http://secunia.com/advisories/35681; CVE-2009-2373: http://osvdb.org/55524 |
| Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test package. Find out more about our complete security checks. To run a free test for this vulnerability on your system, please register below.