This vulnerability, which I reported in March 2008, was fixed in October 2009.
SA-CONTRIB-2009-081 – Abuse – Cross Site Scripting
The Abuse module enables users to flag nodes and comments as offensive, bringing them to the attention of the site maintainer for review. The module suffers from a Cross Site Scripting (XSS) vulnerability. Such an attack may lead to a malicious user gaining full administrative access.
The e-mail I sent at the time
The Abuse module displays flagged nodes in a moderation queue without applying filters to them (without calling node_view).
Module version: abuse 5.x-1.x-dev (http://drupal.org/node/123349)
Steps to reproduce:
- Install abuse.module.
- Enable flagging of any content type at “admin/settings/abuse” page.
- Flag a node by using “Flag as offensive” link on “node/#nid” page.
- Go to “admin/content/abuse” page. Under any tab one can see unfiltered node contents.
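For reference, the defect the e-mail describes and its fix, as a simplified Drupal 5 style snippet added here (it is not the Abuse module's own code); the function names abuse_queue_row_vulnerable() and abuse_queue_row_fixed() are hypothetical, while node_load(), check_markup(), l() and node_view() are Drupal 5 core API functions:

```php
<?php
// Added example, not the Abuse module's code: a simplified moderation-queue
// row builder in the Drupal 5 API, first with the reported defect, then fixed.
// abuse_queue_row_vulnerable()/abuse_queue_row_fixed() are hypothetical names;
// node_load(), check_markup(), l() and node_view() are Drupal 5 core functions.

/**
 * Defective pattern: the stored node body is printed exactly as it sits in
 * the database. On node/#nid the body only ever reaches a browser after the
 * node's input format has run, but here nothing strips tags or scripts, so
 * whatever the flagger typed is rendered in the administrator's session.
 */
function abuse_queue_row_vulnerable($nid) {
  $node = node_load($nid);
  return array(
    l($node->title, 'node/' . $node->nid), // l() check_plain()s the title
    $node->body,                           // raw body: no input filter applied
  );
}

/**
 * Hardened pattern: run the body through the same input format that
 * node_prepare() uses on the public page. $check = FALSE mirrors node_prepare(),
 * which applies the format the author chose rather than testing whether the
 * viewing admin may use it (otherwise check_markup() returns 'n/a').
 */
function abuse_queue_row_fixed($nid) {
  $node = node_load($nid);
  return array(
    l($node->title, 'node/' . $node->nid),
    check_markup($node->body, $node->format, FALSE),
  );
}

/**
 * Equivalent alternative: let core render the whole node as a teaser.
 * node_view() calls node_prepare(), so filtering cannot be forgotten and
 * other modules' hook_view()/hook_nodeapi() alterations are honoured too.
 */
function abuse_queue_teaser_fixed($nid) {
  $node = node_load($nid);
  return node_view($node, TRUE, FALSE, FALSE);
}
```

The practical check for a Drupal module is that every path which prints user-supplied node or comment text goes through check_markup() with the record's own format or through node_view()/comment_view(), never through the raw database column.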
You reported it, but they didn't listen?