| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Refine by Taxonomy XSS http://forum.scoutnet.be/viewtopic.php?f=19&t=2085 |
Pagina 1 van 1 |
| Auteur: | To [ 06 Mrt 2008 22:14 ] |
| Titel: | [Drupal] Security announcements: Refine by Taxonomy XSS |
------------SA-2008-019 - REFINE BY TAXONOMY - CROSS SITE SCRIPTING------------ * Advisory ID: DRUPAL-SA-2008-019 * Project: Refine by Taxonomy (third-party module) * Version: 5.x * Date: 2008-March-05 * Security risk: Less critical * Exploitable from: Remote * Vulnerability: Cross site scripting ------------DESCRIPTION------------ Refine by Taxonomy is a module that provides a taxonomy browsing user interface. Taxonomy terms are not escaped before display, making it possible to inject arbitrary HTML and script code into pages which contain the Refine by Taxonomy feature. This may lead to administrator access if certain conditions are met. Learn more about cross site scripting on Wikipedia [ http://en.wikipedia.org/wiki/Cross_site_scripting ]. ------------VERSIONS AFFECTED------------ * Refine by Taxonomy for Drupal 5.x before Refine by Taxonomy 5.x-0.1 Drupal core is not affected. If you do not use the contributed Refine by Taxonomy module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * If you use Drupal 5.x upgrade to Refine by Taxonomy 5.x-0.1 [ http://drupal.org/node/230460 ]. See also the Refine by Taxonomy project page [ http://drupal.org/project/refine_by_taxo ]. ------------REPORTED BY------------ The Refine by Taxonomy maintainer, Bèr Kessels [ http://drupal.org/user/2663 ]. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|