ZDNet

Drupal calls on users to patch critical remote code execution vulnerabilities

Drupal has urged users to update their CMS to protect websites from critical security holes which could lead to hijacking and remote code execution. The Drupal content management system (CMS) powers ...
heise online

Security updates for Drupal: Malicious code attacks on web browsers possible

Poor input validation makes previous versions of Drupal vulnerable. If the conditions are right, attackers can execute malicious code in the victim's web browser via compromised websites created with ...