Description

Drupal Core is prone to multiple vulnerabilities, including cross-site scripting and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to perform otherwise restricted actions and subsequently access user accounts, uploaded files or republish previously unpublished comments. Drupal Core versions 6.x ranging from 6.0 and up to and including 6.17 are vulnerable.

Remediation

Update to Drupal Core version 6.18 or latest

References

http://www.madirish.net/434

https://www.drupal.org/node/880476

Related Vulnerabilities

WordPress Plugin WebLibrarian Cross-Site Scripting (3.4.8.6)

WordPress Plugin My Calendar Multiple Vulnerabilities (2.3.29)

MySQL CVE-2015-4830 Vulnerability (CVE-2015-4830)

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)

WordPress Plugin User Rights Access Manager Security Bypass (1.0.5)

Severity

High

Classification

CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686 CWE-79 CWE-264 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update