Debian发布DSA - 4412 - 1安全报告,指出功能丰富的CMS Drupal的文件模块因未对输入过滤,可能导致XSS。该漏洞暂无CVE ID,更多信息可参考官方公告。此问题在7.52 - 2+deb9u7版本中已修复,详细安全情况可查看其安全跟踪页面。
Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update
Package:drupal7
CVE ID:暂无
Drupal是一个功能丰富的CMS,它的文件模块中没有对输入过滤可能会导致XSS。
关于该漏洞的更多信息,请参考官方公告:https://www.drupal.org/sa-co-2019-004。
这个问题在7.52-2+deb9u7版本中得到了修复。
有关drupal7的详细安全情况,请参考它的安全跟踪页面: https://securtracker.debian.org/tracker/drupal7
--------------------
Debian Security Advisory DSA-4412-1 drupal7 security update
Package : drupal7
CVE ID : not yet available
It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-004.
This problem has been fixed in version 7.52-2+deb9u7.
For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
