Drupal Taxonomy List Module Cross Site Scripting Vulnerability
BID:53671
Info
| Bugtraq ID: | 53671 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2711 |
| Remote: | Yes |
| Local: | No |
| Published: | May 23 2012 12:00AM |
| Updated: | Aug 07 2012 08:42PM |
| Credit: | Dylan Wilder-Tack of the Drupal Security Team |
| Vulnerable: | Drupal Taxonomy List 6.X-1.3; Drupal Taxonomy List 6.X-1.1 |
| Not Vulnerable: | Drupal Taxonomy List 6.X-2.0; Drupal Taxonomy List 6.X-1.4 |
Discussion
The Taxonomy List module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied text.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Taxonomy List 6.x-1.x versions prior to 6.x-1.4 are vulnerable.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.

Drupal Taxonomy List 6.X-1.1
- Drupal taxonomy_list 6.x-1.4: http://drupal.org/node/1595396
- Drupal taxonomy_list 6.x-2.0: http://drupal.org/node/815066

Drupal Taxonomy List 6.X-1.3
- Drupal taxonomy_list 6.x-1.4: http://drupal.org/node/1595396
- Drupal taxonomy_list 6.x-2.0: http://drupal.org/node/815066
References