-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drupal Link Module XSS Vulnerability Security Risk: Moderately Critical Exploitable: Remotely Vulnerabilities: Cross Site Scripting Discovered by: Andrew Rosborough, Justin C. Klein Keane Tested: Link 5.x-2.5 on Drupal 5.10 Description Drupal (http://drupal.org) is a robust content management system (CMS) that provides extensibility through hundreds of third party modules. While the security of Drupal core modules is vetted by a central security team(http://drupal.org/security), third party modules are not reviewed for security. The Link module (http://drupal.org/project/link) is a module that extends the Drupal CCK (Content Creation Kit) module (http://www.drupal.org/project/cck) by allowing users to add links to their content types. Cross Site Scripting (XSS) Vulnerability The Link module contains a XSS vulnerability in the 'Help' field. Any user with rights to administer content types can edit a content type that contains a link field or create a content type that contains an link field. In the 'Widget settings' fieldset presented during configuration of the specific image field a textarea labeled 'Help text:' is presented. Arbitrary script can be entered into this text area and it is not escaped. This vulnerability is especially dangerous because the script executes whenever a user creates new content of the type with the XSS infected help text. This potentially exposes site administrators to the XSS attack. - -- Andrew Rosborough Information Security and Unix Systems University of Pennsylvania School of Arts and Sciences -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmLJz4ACgkQeHiaLtUKG3wVzACffCUYBVO8HEtJHq8dx5sLpqQI As4AniXKhWADtlUa/yjKUTIpcVigLe4m =tNFi -----END PGP SIGNATURE-----