October 13, 2009, 5:46 pm
Resolved Bugs
528200 – CVE-2009-3648 drupal-service_links: xss vulnerability
528201 – CVE-2009-3648 drupal-service_links: xss vulnerability [Fedora 10]
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3648 to the following vulnerability:

Name: CVE-2009-3648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648
Assigned: 20091009
Reference: MISC: http://www.madirish.net/?article=251
Reference: BID:36584
Reference: URL: http://www.securityfocus.com/bid/36584
Reference: XF:servicelinks-content-type-xss(53633)
Reference: URL: http://xforce.iss.net/xforce/xfdb/53633

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with ‘administer content types’ permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.

Checked drupal-service_links in CVS and this affects Fedora 10, 11, and rawhide…