Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities

Drupal is prone to multiple remote vulnerabilities, including multiple cross-site scripting issues and a cross-site request-forgery issue.

Attackers can exploit these issues to execute arbitrary script code in the browser of a user in the context of the affected site, steal cookie-based authentication credentials, and perform certain actions using users' active sessions; other attacks are also possible.

These issues affect versions prior to Drupal 4.7.11 and 5.6.


Privacy Statement
Copyright 2010, SecurityFocus