Drupal CCK TableField Module Cross Site Scripting Vulnerability

Bugtraq ID:	39954
Class:	Input Validation Error
CVE:	CVE-2010-1998
Remote:	Yes
Local:	No
Published:	May 05 2010 12:00AM
Updated:	Apr 13 2015 09:02PM
Credit:	mr.baileys
Vulnerable:	Drupal CCK TableField 6.x-1.1 Drupal CCK TableField 6.x-1.0
Not Vulnerable:	Drupal CCK TableField 6.x-1.2

Drupal CCK TableField Module Cross Site Scripting Vulnerability

The CCK TableField module for Drupal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects CCK TableField versions prior to 6.x-1.2.

Drupal CCK TableField Module Cross Site Scripting Vulnerability

Attackers can use a browser to exploit this issue.

Drupal CCK TableField Module Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for details.

Drupal CCK TableField Module Cross Site Scripting Vulnerability

References:

• Drupal Homepage (Drupal)
  
• SA-CONTRIB-2010-039: CCK TableField - Cross Site Scripting (Drupal)