Article Source Fedora 11 Security Updates
December 17, 2009, 7:19 pm
December 17, 2009, 7:19 pm
¬â€
The Contact module does not correctly handle certain user input when
displaying category information. Users privileged to create contact
categories can insert arbitrary HTML and script code into the contact module
administration page. Such a cross-site scripting attack may lead to the
malicious user gaining administrative access. Wikipedia has more information
about cross-site scripting [1] (XSS). This issue affects Drupal 6.x and
Drupal 5.x…
¬â€
Read More¬â€
