Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Authoring HTML模块跨站脚本漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中的Authoring HTML模块6.x-1.1之前的6.x-1.x版本中的classes/Filter/WhitelistedExternalFilter.php中存在漏洞,该漏洞源于未正确验证主白名单的源。远程认证用户可利用该漏洞绕过目地访问限制和进行跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A