Secunia Security Advisory - A vulnerability has been reported in the Workflow module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
10bd3aa3dd7a0efd8cb6f6ba8dffcd271d7382c98d598c976950aa5452e3c1aa
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Drupal Workflow Module Script Insertion Vulnerability
SECUNIA ADVISORY ID:
SA38825
VERIFY ADVISORY:
http://secunia.com/advisories/38825/
DESCRIPTION:
A vulnerability has been reported in the Workflow module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks.
Input passed via the comment field of the workflow fieldset while
using the Token module is not properly sanitised before being
displayed to the user. This can be exploited to insert arbitrary HTML
and script code, which will be executed in a user's browser session in
context of an affected site when the malicious data is being viewed.
Successful exploitation requires that users have permissions to
change the workflow state of a node and that the "Show a comment
field in the workflow section of the editing form" or "Show a comment
field in the workflow section of the workflow tab form" options are
enabled.
The vulnerability is reported in versions prior to 6.x-1.4 and
5.x-2.6.
SOLUTION:
Workflow 6.x:
Update to version 6.x-1.4.
http://drupal.org/node/731648
Workflow 5.x:
Update to version 5.x-2.6.
http://drupal.org/node/731644
PROVIDED AND/OR DISCOVERED BY:
The vendor credits George Cassie.
ORIGINAL ADVISORY:
SA-CONTRIB-2010-023:
http://drupal.org/node/731624
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------