[Security-news] Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058
security-news at drupal.org
security-news at drupal.org
Wed Aug 29 16:55:54 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-058
Project: Bing Autosuggest API [1]
Version: 7.x-1.x-dev
Date: 2018-August-29
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting
Description:
This module enables you to use the Bing Autosuggest API.
The module doesn't sufficiently sanitize a value used to populate an API
request.
Solution:
Install the latest version:
* If you use the Bing Autosuggest API module for Drupal 7.x, upgrade to
Bing
Autosuggest API 7.x-1.1 [3]
Also see the Bing Autosuggest API [4] project page.
Reported By:
* Drew Webber [5]Provisional Security Team Member
Fixed By:
* Drew Webber [6]
* Alex Sansom [7]
Coordinated By:
* Drew Webber [8]Provisional Security Team Member
[1] https://www.drupal.org/project/bing_autosuggest_api
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/bing_autosuggest_api/releases/7.x-1.1
[4] https://www.drupal.org/project/bing_autosuggest_api
[5] https://www.drupal.org/user/255969
[6] https://www.drupal.org/user/255969
[7] https://www.drupal.org/user/364473
[8] https://www.drupal.org/user/255969
More information about the Security-news
mailing list