Security advisory: Views Bulk Operations

Drupal's security team has issued an advisory concerning the Views Bulk Operations module, which is used in Ding:

"The Views Bulk Operations (VBO) module allows actions and rules to be run on
the selected views rows (nodes, terms, user, etc). It also bundles several
convenient actions. One of those actions allows the bulk modification of
taxonomy terms on a node.

When using the "Modify node taxonomy terms" action to modify taxonomy, and
the vocabulary has user tagging enabled, the vocabulary help (if any) is
shown without being filtered first, leading to a cross site scripting
vulnerability.

This vulnerability is mitigated by the fact that it normally requires the
'administer taxonomy' permission in order to exploit it."

Since the vulnerability can only be exploited by administrative users, we will wait until the next official release of Ding to update the module.
