Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
BID:52777
Info
Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 52777 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-2072 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2012 12:00AM |
| Updated: | Aug 16 2012 01:20PM |
| Credit: | Kyle Small |
| Vulnerable: |
Drupal Share Buttons (AddToAny) 6.x-3.x |
| Not Vulnerable: |
Drupal Share Buttons (AddToAny) 6.x-3.4 |
Discussion
Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
Share Buttons (AddToAny) module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Share Buttons (AddToAny) 6.x-3.x versions prior to 6.x-3.4 are vulnerable.
Share Buttons (AddToAny) module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Share Buttons (AddToAny) 6.x-3.x versions prior to 6.x-3.4 are vulnerable.
Exploit / POC
Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.