Fusion Module Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	52798
Class:	Input Validation Error
CVE:	CVE-2012-2083
Remote:	Yes
Local:	No
Published:	Mar 29 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Jakub Suchy of the Drupal Security Team, Justin Emond, Rick Manelius, Abhishek Nagar and Chris Lee
Vulnerable:	Drupal Fusion 6.X-1.X
Not Vulnerable:	Drupal Fusion 6.x-1.13

Fusion Module Unspecified Cross Site Scripting Vulnerability

Fusion module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Fusion 6.x-1.x versions prior to 6.x-1.13 are vulnerable.

Fusion Module Unspecified Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Fusion Module Unspecified Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the reference for more details.

Fusion Module Unspecified Cross Site Scripting Vulnerability

References:

• Drupal Homepage (Drupal)
  
• SA-CONTRIB-2012-055 - Fusion theme - Cross Site Scripting (XSS) (Drupal)