1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
PublicDate: 2007-10-19
Candidate: CVE-2007-5596
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5596
Description:
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3
places the .html extension on a whitelist, which allows remote attackers to
conduct cross-site scripting (XSS) attacks by uploading .html files.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/drupal5/+bug/154811
Priority: low
Assigned-to:
upstream_drupal5: 5.3
dapper_drupal5: DNE
edgy_drupal5: DNE
feisty_drupal5: DNE
gutsy_drupal5: released (5.2-2ubuntu2.1)
devel_drupal5: not-affected (5.5-1ubuntu1)
|