[Security-news] SA-CONTRIB-2010-033 - Taxonomy Filter - Cross Site Scripting (XSS)

security-news at drupal.org security-news at drupal.org
Wed Mar 31 20:28:19 UTC 2010 

  * Advisory ID: DRUPAL-SA-CONTRIB-2010-033
  * Project: Taxonomy Filter (third-party module)
  * Version: 6.x
  * Date: 2010-March-31
  * Security risk: Critical
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting

-------- DESCRIPTION  
---------------------------------------------------------

The Taxonomy Filter module enables users to filter node listings by multiple
taxonomy terms across multiple vocabularies. Vocabulary names, terms, and
filter menus are not sanitized, creating a Cross Site Scripting (XSS)
vulnerability. Exploiting this vulnerability would allow a malicious user to
gain full administrative access, or worse. To exploit the vulnerability a
user would either need to have a role with 'administer taxonomy' permission
or a site would need to use free tagging and a user would need the ability to
create a node that has free tagging enabled.
-------- VERSIONS AFFECTED  
---------------------------------------------------

  * Versions of Taxonomy Filter for Drupal 6.x prior to 6.x-1.1 [1]

Versions of Taxonomy Filter for Drupal 5.x are not affected. Drupal core is
not affected. If you do not use the 6.x version of the contributed Taxonomy
Filter module, there is nothing you need to do.
-------- SOLUTION  
------------------------------------------------------------

Install the latest version:
  * If you use Taxonomy Filter for Drupal 6.x upgrade to Taxonomy Filter
    6.x-1.1 [2] or any later version.

Also see the Taxonomy Filter [3] project page.
-------- REPORTED BY  
---------------------------------------------------------

  * Dylan Wilder-Tack [4] of the Drupal security team.

-------- FIXED BY  
------------------------------------------------------------

  * Dylan Wilder-Tack [5] of the Drupal security team.
  * Solotandem [6], the module maintainer

-------- CONTACT  
-------------------------------------------------------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at http://drupal.org/contact.

[1] http://drupal.org/node/622096
[2] http://drupal.org/node/622096
[3] http://drupal.org/project/taxonomy_filter
[4] http://drupal.org/user/96647
[5] http://drupal.org/user/96647
[6] http://drupal.org/user/240748

More information about the Security-news mailing list