exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 38207

Secunia Security Advisory 38207
Posted Jan 14, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Bibliography module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 5e23fd6bf8954db17706bab68fa29baffe8a2e753391858c2a8c7575f8205272

Secunia Security Advisory 38207

Change Mirror Download
----------------------------------------------------------------------



Accurate Vulnerability Scanning
No more false positives, no more false negatives

http://secunia.com/vulnerability_scanning/



----------------------------------------------------------------------

TITLE:
Drupal Bibliography Module Script Insertion

SECUNIA ADVISORY ID:
SA38207

VERIFY ADVISORY:
http://secunia.com/advisories/38207/

DESCRIPTION:
A vulnerability has been reported in the Bibliography module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks.

Certain unspecified input is not properly sanitised before being
displayed to the user. This can be exploited to insert arbitrary HTML
and script code, which will be executed in a user's browser session in
context of an affected site when the malicious data is being viewed.

Successful exploitation requires "administer biblio" permissions.

The vulnerability is reported in versions prior to 6.x-1.10 and
5.x-1.18.

SOLUTION:
Bibliography 6.x:
Update to version 6.x-1.10.
http://drupal.org/node/682696

Bibliography 5.x:
Update to version 5.x-1.18.
http://drupal.org/node/682694

PROVIDED AND/OR DISCOVERED BY:
The vendor credits grendzy of the Drupal Security Team.

ORIGINAL ADVISORY:
SA-CONTRIB-2010-006:
http://drupal.org/node/683786

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close