Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting


Chronologisch Thread 
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting
  • Date: Wed, 10 Nov 2010 21:41:43 +0000 (UTC)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

* Advisory ID: DRUPAL-SA-CONTRIB-2010-102
* Project: Category tokens (third-party module)
* Version: 6.x
* Date: 2010-November-10
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Cross-Site Scripting

-------- DESCRIPTION
---------------------------------------------------------

The Category tokens module exposes additional tokens for the first and last
terms related to a node for each vocabulary. The module does not sanitize the
vocabulary names when displayed in token help, leading to a Cross-Site
Scripting (XSS [1]) vulnerability that may lead to a malicious user gaining
full administrative access. This vulnerability is mitigated by the fact that
user must have the "administer taxonomy" permission in order to create and
edit vocabularies and enter the XSS.
-------- VERSIONS AFFECTED
---------------------------------------------------

* Category tokens module for Drupal 6.x versions prior to 6.x-1.1.

Drupal core is not affected. If you do not use the contributed Category
tokens [2] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------

Install the latest version:
* If you use the Category tokens module for Drupal 6.x upgrade to Category
tokens 6.x-1.1 [3]

See also the Category tokens project page [4].
-------- REPORTED BY
---------------------------------------------------------

* Dave Reid [5], Drupal Security Team

-------- FIXED BY
------------------------------------------------------------

* Dave Reid [6], Drupal Security Team
* scheepers de bruin [7], module maintainer

-------- CONTACT
-------------------------------------------------------------

The Drupal security team [8] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/project/category_tokens
[3] http://drupal.org/node/939848
[4] http://drupal.org/project/category_tokens
[5] http://drupal.org/user/53892
[6] http://drupal.org/user/53892
[7] http://drupal.org/user/162354
[8] http://drupal.org/security-team

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
http://lists.drupal.org/mailman/listinfo/security-news



  • [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting, security-news, 10.11.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang