Description
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview.
Affected products
- Drupal / chatroom_module4.7 – 4.7
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/23343
- MISChttp://drupal.org/node/102614