Scoutnet vzw http://forum.scoutnet.be/ |
|
[Drupal] Security announcements: Shoutbox - XSS http://forum.scoutnet.be/viewtopic.php?f=19&t=2019 |
Pagina 1 van 1 |
Auteur: | To [ 06 Dec 2007 19:55 ] |
Titel: | [Drupal] Security announcements: Shoutbox - XSS |
------------SA-2007-032 - SHOUTBOX - CROSS SITE SCRIPTING ------------ * Advisory ID: DRUPAL-SA-2007-032 * Project: Shoutbox (third-party module) * Version: 5.x * Date: 2007-December-05 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Cross site scripting ------------DESCRIPTION------------ Message sent from the Shoutbox block, where visitors can quickly post short messages, are not properly sanitized in a number of cases. This allows malicious users to inject arbitrary HTML and script code into the block. Learn more about cross site scripting on Wikipedia [ http://en.wikipedia.org/wiki/Cross_site_scripting ]. ------------VERSIONS AFFECTED------------ * Shoutbox for Drupal 5.x before Shoutbox 5.x-1.1. Drupal core is not affected. If you do not use the contributed Shoutbox module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * If you use Drupal 5.x upgrade to Shoutbox 5.x-1.1 [ http://drupal.org/node/184513 ]. See also the Shoutbox project page [ http://drupal.org/project/shoutbox ]. ------------REPORTED BY------------ Allister Beharry (allisterbeharry [ http://drupal.org/user/116802 ]). ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |