Drupal Post Affiliate Pro Cross Site Scripting and Access Security Bypass Vulnerabilities
BID:53589
Info
| Bugtraq ID: | 53589 |
| Class: | Unknown |
| CVE: | CVE-2012-2706 CVE-2012-3802 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Lee Rowlands |
| Vulnerable: | Drupal Post Affiliate Pro 0 |
| Not Vulnerable: | |
Discussion
The Post Affiliate Pro module for Drupal is prone to a cross-site scripting vulnerability and a security-bypass vulnerability.
An attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials.
Attackers can exploit the security bypass issue to bypass security restrictions, obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Exploit / POC
Attackers can use a browser to exploit the security-bypass issue. To exploit the cross-site scripting vulnerability, attackers must trick an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].