Drupal Unspecified Cross-Site Scripting Vulnerability
BID:12757
Info
| Bugtraq ID: | 12757 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2005 12:00AM |
| Updated: | Mar 08 2005 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: | Drupal 4.2.0 RC; Drupal 4.1.0; Drupal 4.0.0 |
| Not Vulnerable: | Drupal 4.5.2 |
Discussion
An unspecified remote cross-site scripting vulnerability affects Drupal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in dynamically generated Web page content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user.
This vulnerability is reported to affect Drupal versions prior to version 4.5.2.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released an update to address this issue:
- Drupal 4.0.0: drupal-4.5.2.tar.gz, http://drupal.org/files/projects/drupal-4.5.2.tar.gz
- Drupal 4.1.0: drupal-4.5.2.tar.gz, http://drupal.org/files/projects/drupal-4.5.2.tar.gz
- Drupal 4.2.0 RC: drupal-4.5.2.tar.gz, http://drupal.org/files/projects/drupal-4.5.2.tar.gz
References
- Drupal 4.5.2 released (Drupal)
- Vendor Homepage (Drupal)