[IT-SecNots] [Security-news] Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2018-058

Project: Bing Autosuggest API [1]
Version: 7.x-1.x-dev
Date: 2018-August-29
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting

Description: 
This module enables you to use the Bing Autosuggest API.

The module doesn't sufficiently sanitize a value used to populate an API
request.

Solution: 
Install the latest version:

  * If you use the Bing Autosuggest API module for Drupal 7.x, upgrade to 
Bing
    Autosuggest API 7.x-1.1 [3]

Also see the Bing Autosuggest API [4] project page.

Reported By: 
  * Drew Webber  [5]Provisional Security Team Member

Fixed By: 
  * Drew Webber  [6]
  * Alex Sansom  [7]

Coordinated By: 
  * Drew Webber  [8]Provisional Security Team Member


[1] https://www.drupal.org/project/bing_autosuggest_api
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/bing_autosuggest_api/releases/7.x-1.1
[4] https://www.drupal.org/project/bing_autosuggest_api
[5] https://www.drupal.org/user/255969
[6] https://www.drupal.org/user/255969
[7] https://www.drupal.org/user/364473
[8] https://www.drupal.org/user/255969

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news