Drupal Link Module XSS Vulnerability

2009.02.06
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Security Risk: Moderately Critical
Exploitable: Remotely
Vulnerabilities: Cross Site Scripting
Discovered by: Andrew Rosborough, Justin C. Klein Keane
Tested: Link 5.x-2.5 on Drupal 5.10

Description

Drupal (http://drupal.org) is a robust content management system (CMS) that provides extensibility through hundreds of third-party modules. While the security of Drupal core modules is vetted by a central security team (http://drupal.org/security), third-party modules are not reviewed for security.

The Link module (http://drupal.org/project/link) is a module that extends the Drupal CCK (Content Creation Kit) module (http://www.drupal.org/project/cck) by allowing users to add links to their content types.

Cross Site Scripting (XSS) Vulnerability

The Link module contains an XSS vulnerability in the 'Help' field. Any user with rights to administer content types can edit a content type that contains a link field or create a content type that contains a link field. In the 'Widget settings' fieldset presented during configuration of the specific image field, a textarea labeled 'Help text:' is presented. Arbitrary script can be entered into this text area, and it is not escaped when displayed.

This vulnerability is especially dangerous because the script executes whenever a user creates new content of the type with the XSS-infected help text. This potentially exposes site administrators to the XSS attack.

--
Andrew Rosborough
Information Security and Unix Systems
University of Pennsylvania
School of Arts and Sciences
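
The unescaped help text described in the advisory, modeled as an added example that is not part of the advisory or the Link module's own code. The field names and sample values are constructed, and htmlspecialchars() stands in for Drupal's check_plain() so the script runs without Drupal.

```php
<?php
// Added example: stand-alone model of the 'Help text:' widget setting.
// Field names and sample values are constructed; this is not Link module code.

// Vulnerable pattern: the stored help text is concatenated into the form as-is.
function render_help_unsafe(array $field): string {
    return '<div class="description">' . $field['description'] . '</div>';
}

// Hardened pattern: encode on output so stored markup is displayed as text.
// (Assumption: in Drupal this is the role of check_plain(); htmlspecialchars()
// stands in for it here.)
function render_help_escaped(array $field): string {
    $safe = htmlspecialchars($field['description'], ENT_QUOTES, 'UTF-8');
    return '<div class="description">' . $safe . '</div>';
}

// Audit helper (heuristic): list fields whose stored help text contains markup
// a browser would act on: tags, inline event handlers, or javascript: URLs.
function audit_help_text(array $fields): array {
    $flagged = [];
    foreach ($fields as $name => $field) {
        $text = $field['description'] ?? '';
        if (preg_match('/<\s*[a-z!\/]|\bon[a-z]+\s*=|javascript\s*:/i', $text)) {
            $flagged[] = $name;
        }
    }
    return $flagged;
}

// Constructed sample data: two link fields as saved in 'Widget settings'.
$fields = [
    'field_homepage' => ['description' => 'Enter the full URL, including http://'],
    'field_partner'  => ['description' => '<script>alert("help text")</script>'],
];

foreach ($fields as $name => $field) {
    echo $name, "\n  unsafe:  ", render_help_unsafe($field), "\n";
    echo "  escaped: ", render_help_escaped($field), "\n";
}
echo "flagged: ", implode(', ', audit_help_text($fields)), "\n";
```

The audit function is useful for reviewing help text already stored on a site, since escaping on output does not reveal which content types were modified.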

References:

http://seclists.org/fulldisclosure/2009/Feb/0035.html

