Описание
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-3741
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44446
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
- http://drupal.org/node/295053
- http://secunia.com/advisories/31462
- http://secunia.com/advisories/31825
- http://www.securityfocus.com/bid/30689
- http://www.vupen.com/english/advisories/2008/2392
Связанные уязвимости
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...