Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	51387
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 11 2012 12:00AM
Updated:	Jan 11 2012 12:00AM
Credit:	Dylan Tack of the Drupal Security Team
Vulnerable:	Drupal Taxonomy Navigator 7.X Drupal Taxonomy Navigator 6.X
Not Vulnerable:

Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability

Taxonomy Navigator module for Drupal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Taxonomy Navigator 6.x and 7.x are vulnerable; other versions may also be affected.

Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability

References:

• SA-CONTRIB-2012-006 XSS and CSRF in Multiple Modules Drupal Web Page (Drupal)
  
• Taxonomy Navigator Homepage (Drupal)