Drupal announce new security update

22/01/2013

A security update has been made available for the open source CMS system Drupal to fixe recent vulnerabilities in the system. This is classed as a highly critical update as a serious cross site scripting vulnerability was discovered.

This highly critical Drupal update was announced on January 16th 2013. It is reference as SA-CORE-2013-001. It affects all versions of Drupal, that I 6.x and 7.x

Drupal CMS securityThis has occurred in recent jQuery functionality added – so recent websites with modern looking jQuery interactions and displays are particularly at risk.

For those interested in the technical detail, the JQuery library included within the Drupal core versions allows unexpected user input passed in a function into jQuery  to insert HTML into the page instead of the intended behaviour of selecting DOM elements. This is a form of cross site scripting (XSS).

As this impacts anything using JQuery within Drupal, virtually all multiple core and contributed modules are affected, so everyone should implement this update. If you have a web design or maintenance company looking after your website, ensure they have updated the code of your CMS.

 

Drupal Updates last year

This is the first Drupal security update of 2013 – in 2012 there were 4 serious updates released to deal with critical security issues.

← Back to Index

Email usTel: +44 (0)330 555 4680
X

Our site uses cookies to help provide you the best experience. By continuing to browse the site you are agreeing to our use of cookies.
Find out more about cookies and how to change your cookie settings in your browser.