Drupal Image Upload HTML Injection Vulnerability

Drupal Image Upload HTML Injection Vulnerability

References:

[DSA 958-1] New drupal packages fix several vulnerabilities (Debian)
Microsoft Internet Explorer 6.0 Embedded Content Cross Site Scripting (GIF) (securiteam.com)
vBulletin 3.5.1 Released (vBulletin)
Vendor Homepage (Kyberna)
Vendor Homepage (Drupal)
XSS and HTTP header injection vulnerability with uploaded files (Drupal)

Privacy Statement
Copyright 2010, SecurityFocus