Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities

Drupal is prone to multiple access-bypass and cross-site scripting vulnerabilities.

An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, to bypass security restrictions, obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.

Drupal 6.x versions prior to 6.28 and 7.x versions prior to 7.19 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus