|
Full Disclosure
mailing list archives
Drupal XML-Sitemap 5.x-1.6 XSS Vulnerability
From: Black Packeteer <black.packeteer () gmail com>
Date: Mon, 28 Sep 2009 12:54:42 -0400
The Drupal XML Sitemap module version 5.x-1.6 (
http://drupal.org/project/xmlsitemap) contains a cross site scripting
vulnerability because it fails to properly sanitize 'Path' output in the XML
Sitemap administration area. If you install XML Sitemap and click on
Administer, Site configuration, XML sitemap, then click on the Additional
tab and put JavaScript into the 'Path' text box and save the additional link
when the page refreshes the JavaScript is rendered by Drupal. This means
that users who can administer the additional links in XML Sitemap can attack
other users who view that page.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Drupal XML-Sitemap 5.x-1.6 XSS Vulnerability Black Packeteer (Sep 28)
| 
