Drupal 6.16

Serious bugs, marked SA-CORE-2010-001, have been fixed in the latest Drupal release. Some of them are:

  • during installation, a user could mount a cross-site scripting attack
  • the drupal_goto() function can be made to redirect to other sites, which enables stealing users' personal data
  • the locale module (and modules similar to it) is susceptible to cross-site scripting
  • in some circumstances, a blocked user can keep their session

Other reported bugs have also been fixed. Updating is strongly advised.

