Mandriva Linux Security Advisory 2013-074 - Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted strings. This vulnerability is mitigated by the fact that users must have the ability to post content sent to the filter system such as a role with the post comments or Forum topic: Create new content permission. Drupal core's Form API allows users to set a destination, but failed to validate that the URL was internal to the site. Various other issues were also addressed.
305565fad63e2c490bf4982c07542b89e5b1bdde6be00766a998df8012622803
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed