| source |
Version/Dependency |
Developer Link |
Severity |
|---|---|---|---|
| drupal.org/node/1401678 |
6.x-1.x versions prior to 6.x-1.4 | drupal.org/node/1401654 |
Moderately critical |
Summary:
The Password Policy module, helps with security by hardening (making stronger) user passwords via a Policy Manager. It has been reported that it is vulnerable to both a Cross-Site Request Forgery and a Cross Site Scripting Vulnerability.
The attacker, must have a role with permissions of "administer policies"
Please see the SOURCE for further information
What do I do to fix this?
Upgrade the Password Policy module for Drupal 6.x. Please see: Password Policy 6.x-1.4.
Reported by: Greg Knaddison