Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3648 to the following vulnerability: Name: CVE-2009-3648 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648 Assigned: 20091009 Reference: MISC: http://www.madirish.net/?article=251 Reference: BID:36584 Reference: URL: http://www.securityfocus.com/bid/36584 Reference: XF:servicelinks-content-type-xss(53633) Reference: URL: http://xforce.iss.net/xforce/xfdb/53633 Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names. Checked drupal-service_links in CVS and this affects Fedora 10, 11, and rawhide.
drupal-service_links-6.x.1.0-5.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc11
drupal-service_links-6.x.1.0-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc10
drupal-service_links-6.x.1.0-5.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc12
drupal-service_links-6.x.1.0-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
drupal-service_links-6.x.1.0-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.