15 January 2010 - Be Secure

Home » 2010 » January » 15

XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)

XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3
and 5.x-1.1)

Discovered by Martin Barbella <martybarbella@gmail.com>

Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)

The Node Blocks module allows users to specify content type(s) as
being a block. This allows the content managers of the site to edit
the block text and title without having to access the block
administration page. (From: http://drupal.org/project/nodeblock)

The block title is not properly sanitized when a user displays a block
created from a node, resulti ... Read more »

Views: 3611 | Added by: b1zz4rd | Date: 15 January 2010 | Comments (0)

« January 2010 »
Su	Mo	Tu	We	Th	Fr	Sa
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Login:
Password: