HNS MAIN FEED
Saturday, 05:23 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Drupal vCard Module Cross-Site Scripting
03 November 2009
vCard is a PHP-based module for the Drupal content manager. The vCard module is exposed to a cross site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The issue occurs when the "theme_vcard()" function is added to a theme and default content from the vCard module is output. vCard versions 6.x earlier to 6.x-1.3 and vCard versions 5.x earlier to 5.x-1.4 are affected by this issue.
Ref: http://drupal.org/node/610996
09.44.77 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Ref: http://drupal.org/node/610996
09.44.77 - CVE: Not Available
Platform: Web Application - Cross Site Scripting