Drupal Gigya - Social optimization Module Cross Site Scripting Vulnerability
BID:53156
Info
Drupal Gigya - Social optimization Module Cross Site Scripting Vulnerability
| Bugtraq ID: | 53156 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-2117 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2012 12:00AM |
| Updated: | Apr 18 2012 12:00AM |
| Credit: | Marek Lyczba |
| Vulnerable: |
Drupal Gigya - Social optimization 6.x-3.1 0 |
| Not Vulnerable: |
Drupal Gigya - Social optimization 6.x-3.2 0 |
Discussion
Drupal Gigya - Social optimization Module Cross Site Scripting Vulnerability
The Gigya - Social optimization module for Drupal is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input before being printed back to the user.
An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Gigya - Social optimization versions prior to 6.x-3.2 are vulnerable.
The Gigya - Social optimization module for Drupal is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input before being printed back to the user.
An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Gigya - Social optimization versions prior to 6.x-3.2 are vulnerable.
Exploit / POC
Drupal Gigya - Social optimization Module Cross Site Scripting Vulnerability
An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.
An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.