Patch Management

Drupal releases correct four moderately critical third-party vulnerabilities

April 19, 2019
  • A cross-site scripting bug caused by the failure of validation messages in the PHP templating engine to escape (CVE-2019-10909)
  • A remote code execution vulnerability due to service IDs derived from unfiltered user input
  • A flaw potentially allowing attackers to modify the remember me cookie and authenticate as a different user.
prestitial ad