RSS   Vulnerabilities for 'Janrain engage module'   RSS

2011-02-03
 
CVE-2011-0771

CWE-20
 

 
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.

 

 >>> Vendor: Janrain 4 Products
Janrain engage module
Php-openid
RPX
Ruby-openid


Copyright 2019, cxsecurity.com

 

Back to Top