FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
ff8b419a-0ffa-11e0-becc-0022156e8794	Drupal Views plugin -- cross-site scripting Drupal security team reports: The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting (XSS) vulnerability. An attacker could exploit this to gain full administrative access. Mitigating factors: This vulnerability only occurs with a specific combination of configuration options for a specific View, but this combination is used in the default Views provided by some additional modules. A malicious user would need to get an authenticated administrative user to visit a specially crafted URL. Discovery 2010-12-15 Entry 2010-12-28 drupal6-views < 2.12 CVE-2010-4521 http://drupal.org/node/999380

VuXML ID

Description

ff8b419a-0ffa-11e0-becc-0022156e8794

Drupal Views plugin -- cross-site scripting

Drupal security team reports:

The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting (XSS) vulnerability. An attacker could exploit this to gain full administrative access.

Mitigating factors: This vulnerability only occurs with a specific combination of configuration options for a specific View, but this combination is used in the default Views provided by some additional modules. A malicious user would need to get an authenticated administrative user to visit a specially crafted URL.

Discovery 2010-12-15
Entry 2010-12-28
drupal6-views

< 2.12

CVE-2010-4521
http://drupal.org/node/999380