Drupal 6.11 has been released with some major security fixes. This is the eleventh maintenance and security patch for Drupal 6. Although no new features are being added to Drupal 6 anymore, this patch fixes a lot of bugs and performance issues. The most interesting fixes are for the Drupal core cross-site scripting (XSS) vulnerabilities. The XSS attacks occur while outputting user-supplied data, where Drupal strips the meaningful HTML tags, attributes and special characters. This vulnerability is limited to forms present on the front page. The user login form is not vulnerable.
Versions Affected
Drupal 5.x before version 5.17.
Drupal 6.x before version 6.11.
Patch
The information disclosure vulnerability was reported by Moritz Naumann.
Thanks
By: Lagerlogistik on May 9, 2009 at 7:21 pm