Security advisory: Printer, e-mail and PDF versions

* Advisory ID: DRUPAL-SA-CONTRIB-2009-020
* Project: Printer, e-mail and PDF versions (third-party module)
* Version: 5.x, 6.x
* Date: 2009-April-15
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross-site scripting (XSS)

-------- DESCRIPTION ---------------------------------------------------------

The Printer, e-mail and PDF versions ("Print") module provides
printer-friendly versions of content. The module does not correctly escape
content titles, enabling malicious users to insert arbitrary HTML and scripts
into certain pages. Such a cross-site scripting [1] (XSS) attack against
sufficiently privileged users may lead to administrator access to the site.
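
An added illustration of the flaw class described above, not the Print module's code: a printer-friendly page template that outputs a content title, first unescaped and then escaped with `htmlspecialchars()`, the PHP function that Drupal's `check_plain()` is built on. All function names, the sample title and the assumption that the body is already filtered are constructed for this example.

```php
<?php
// Added illustration; NOT the Print module's code. All names are hypothetical.

// Modeled on what Drupal's check_plain() does: encode HTML special characters.
function example_escape($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Before: the title is interpolated as-is, so markup in it is parsed by the browser.
function example_print_page_unescaped($title, $body_html) {
  return "<html><head><title>$title</title></head>"
       . "<body><h1>$title</h1>$body_html</body></html>";
}

// After: the title is escaped at the point of output, in every place it appears.
function example_print_page_escaped($title, $body_html) {
  $safe = example_escape($title);
  return "<html><head><title>$safe</title></head>"
       . "<body><h1>$safe</h1>$body_html</body></html>";
}

// Constructed sample input: a title as submitted by a user who may create content.
$title = 'Quarterly report <script>alert(document.cookie)</script>';
// Assumption: the body has already been through the site's input filter.
$body  = '<p>Body text.</p>';

foreach (array('unescaped' => 'example_print_page_unescaped',
               'escaped'   => 'example_print_page_escaped') as $label => $render) {
  $html = $render($title, $body);
  // Regression check: no script element from the title may survive into the page.
  $status = (stripos($html, '<script') === FALSE)
    ? 'OK'
    : 'script element reaches the browser';
  echo "$label: $status\n";
}
```

The same check can be kept as a regression test for any template that prints user-supplied titles outside the normal theme layer.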

-------- VERSIONS AFFECTED ---------------------------------------------------

* Versions of Printer, e-mail and PDF versions for Drupal 5.x prior to
5.x-4.5
* Versions of Printer, e-mail and PDF versions for Drupal 6.x prior to
6.x-1.5

Drupal core is not affected. If you do not use the contributed Printer,
e-mail and PDF versions module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

* If you use Printer, e-mail and PDF versions for Drupal 5.x, upgrade to
Printer, e-mail and PDF versions 5.x-4.5 [2]
* If you use Printer, e-mail and PDF versions for Drupal 6.x, upgrade to
Printer, e-mail and PDF versions 6.x-1.5 [3]

See also the Printer, e-mail and PDF versions project page [4].

-------- REPORTED BY ---------------------------------------------------------

Stéphane Corlosquet [5]

-------- FIXED BY ------------------------------------------------------------

Peter Wolanin [6]

-------- CONTACT -------------------------------------------------------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at http://drupal.org/contact [7].

[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/node/434718
[3] http://drupal.org/node/434720
[4] http://drupal.org/project/print
[5] http://drupal.org/user/52142
[6] http://drupal.org/user/49851
[7] http://drupal.org/contact
