XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3
and 5.x-1.1)

Discovered by Martin Barbella <martybarbella@gmail.com>

Description of Vulnerability:
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)

The Node Blocks module allows users to specify content type(s) as
being a block. This allows the content managers of the site to edit
the block text and title without having to access the block
administration page. (From: http://drupal.org/project/nodeblock)

The block title is not properly sanitized when a user displays a block
created from a node, resulti ...
Added by: b1zz4rd | Date: 2010-01-15