|
Description
|
|
Multiple vulnerabilities have been identified in Drupal, which could be exploited to bypass restrictions or gain knowledge of sensitive information.
The first issue is caused by an input validation weakness in the error handler, which could allow cross site scripting attacks.
The second vulnerability is caused by an input validation error in the Color module, which could allow a user with "Administer themes" permissions to conduct cross site scripting attacks.
The third issue is caused by an access validation error in the File module when using private files in combination with a node access module, which could allow unrestricted access to private files.
|
