Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update

时间:2021-07-27 01:08:24

Debian Security Advisory(Debian安全报告) DSA-4412-1 drupal7 security update

Package:drupal7

CVE ID:暂无

  Drupal是一个功能丰富的CMS,它的文件模块中没有对输入过滤可能会导致XSS。

  关于该漏洞的更多信息,请参考官方公告:https://www.drupal.org/sa-co-2019-004

  这个问题在7.52-2+deb9u7版本中得到了修复。

  有关drupal7的详细安全情况,请参考它的安全跟踪页面: https://securtracker.debian.org/tracker/drupal7

--------------------

Debian Security Advisory DSA-4412-1 drupal7 security update

Package        : drupal7
CVE ID         : not yet available

It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.

For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-004.

This problem has been fixed in version 7.52-2+deb9u7.

For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7