Drupal LDAP Integration Cross Site Scripting and Authentication Bypass Vulnerabilities


"Drupal LDAP Integration is prone to a cross-site scripting
vulnerability and multiple authentication-bypass vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, execute arbitrary code, and gain
unauthorized access to the affected application. "

This affects Drupal LDAP Integration 6.x-1.0-beta1, Drupal LDAP
Integration 5.x-1.4.

This does not affect Drupal LDAP Integration 6.x-1.0-beta2, Drupal LDAP
Integration 5.x-1.5.

It is recommended that users update to a non-vulnerable version of Drupal.