Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2010-008
- Project: Recent Comments (third-party module)
- Version: 6.x-1.0, 5.x-1.2
- Date: 2010-January-20
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
- Recent Comments module 5.x-1.2 and prior versions
- Recent Comments module 6.x-1.0 and prior versions
Drupal core is not affected. If you do not use the contributed Recent Comments module, there is nothing you need to do.
Install the latest version:
- If you use the Recent Comments module for Drupal 5.x upgrade to Recent Comments 5.x-1.3
- If you use the Recent Comments module for Drupal 6.x upgrade to Recent Comments 6.x-1.1
See also the Recent Comments page.
Dylan Tack of the Drupal Security Team.
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.