Drupal MultiBlock Module Cross Site Scripting Vulnerability
BID:52800
Info
Drupal MultiBlock Module Cross Site Scripting Vulnerability
| Bugtraq ID: | 52800 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2012 12:00AM |
| Updated: | Mar 28 2012 12:00AM |
| Credit: | Justin Klein Keane |
| Vulnerable: |
Drupal MultiBlock 7.x-1.x Drupal MultiBlock 6.X-1.X |
| Not Vulnerable: |
Drupal MultiBlock 7.x-1.1 Drupal MultiBlock 6.X-1.4 |
Discussion
Drupal MultiBlock Module Cross Site Scripting Vulnerability
MultiBlock module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following versions are affected:
MultiBlock 6.x-1.x versions prior to 6.x-1.4
MultiBlock 7.x-1.x versions prior to 7.x-1.1
MultiBlock module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following versions are affected:
MultiBlock 6.x-1.x versions prior to 6.x-1.4
MultiBlock 7.x-1.x versions prior to 7.x-1.1
Exploit / POC
Drupal MultiBlock Module Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Drupal MultiBlock Module Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
Drupal MultiBlock Module Cross Site Scripting Vulnerability
References:
References:
- Drupal Homepage (Drupal)
- MultiBlock Homepage (Drupal)
- SA-CONTRIB-2012-043 - MultiBlock - Cross Site Scripting (Drupal)