-----BEGIN PGP SIGNED MESSAGE-----
Drupal Link Module XSS Vulnerability
Security Risk: Moderately Critical
Vulnerabilities: Cross Site Scripting
Discovered by: Andrew Rosborough, Justin C. Klein Keane
Tested: Link 5.x-2.5 on Drupal 5.10
Drupal (http://drupal.org) is a robust content management system (CMS)
that provides extensibility through hundreds of third party modules.
While the security of Drupal core modules is vetted by a central
security team(http://drupal.org/security), third party modules are not
reviewed for security.
The Link module (http://drupal.org/project/link) is a module
that extends the Drupal CCK (Content Creation Kit) module
(http://www.drupal.org/project/cck) by allowing users to add links
to their content types.
Cross Site Scripting (XSS) Vulnerability
The Link module contains a XSS vulnerability in the 'Help'
field. Any user with rights to administer content types can edit a
content type that contains a link field or create a content type that
contains an link field. In the 'Widget settings' fieldset presented
during configuration of the specific image field a textarea labeled
'Help text:' is presented. Arbitrary script can be entered into this
text area and it is not escaped. This vulnerability is especially
dangerous because the script executes whenever a user creates new
content of the type with the XSS infected help text. This potentially
exposes site administrators to the XSS attack.
Information Security and Unix Systems
University of Pennsylvania
School of Arts and Sciences
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----