[Security-news] SA-CONTRIB-2010-102 - Category tokens - Cross Site Scripting

security-news at drupal.org security-news at drupal.org
Wed Nov 10 21:41:43 UTC 2010


  * Advisory ID: DRUPAL-SA-CONTRIB-2010-102
  * Project: Category tokens (third-party module)
  * Version: 6.x
  * Date: 2010-November-10
  * Security risk: Less critical
  * Exploitable from: Remote
  * Vulnerability: Cross-Site Scripting

-------- DESCRIPTION  
---------------------------------------------------------

The Category tokens module exposes additional tokens for the first and last
terms related to a node for each vocabulary. The module does not sanitize the
vocabulary names when displayed in token help, leading to a Cross-Site
Scripting (XSS [1]) vulnerability that may lead to a malicious user gaining
full administrative access. This vulnerability is mitigated by the fact that
user must have the "administer taxonomy" permission in order to create and
edit vocabularies and enter the XSS.
-------- VERSIONS AFFECTED  
---------------------------------------------------

  * Category tokens module for Drupal 6.x versions prior to 6.x-1.1.

Drupal core is not affected. If you do not use the contributed Category
tokens [2] module, there is nothing you need to do.
-------- SOLUTION  
------------------------------------------------------------

Install the latest version:
  * If you use the Category tokens module for Drupal 6.x upgrade to Category
    tokens 6.x-1.1 [3]

See also the Category tokens project page [4].
-------- REPORTED BY  
---------------------------------------------------------

  * Dave Reid [5], Drupal Security Team

-------- FIXED BY  
------------------------------------------------------------

  * Dave Reid [6], Drupal Security Team
  * scheepers de bruin [7], module maintainer

-------- CONTACT  
-------------------------------------------------------------

The Drupal security team [8] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/project/category_tokens
[3] http://drupal.org/node/939848
[4] http://drupal.org/project/category_tokens
[5] http://drupal.org/user/53892
[6] http://drupal.org/user/53892
[7] http://drupal.org/user/162354
[8] http://drupal.org/security-team



More information about the Security-news mailing list