SA-CORE-2009-009 – Drupal Core – Cross site scripting

  • Advisory ID: DRUPAL-SA-CORE-2009-009
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-December-16
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Description

Multiple vulnerabilities were discovered in Drupal.

Contact category name cross-site scripting

The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

This issue affects Drupal 6.x and Drupal 5.x.

Menu description cross-site scripting

The Menu module does not correctly handle certain user input when displaying the menu administration overview. Users privileged to create new menus can insert arbitrary HTML and script code into the menu module administration page. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

This issue affects Drupal 6.x only.

Versions affected

  • Drupal 5.x before version 5.21.
  • Drupal 6.x before version 6.15.

Solution

Install the latest version:

  • If you are running Drupal 6.x then upgrade to Drupal 6.15.
  • If you are running Drupal 5.x then upgrade to Drupal 5.21.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. Theses patches fix the security vulnerability, but do not contain other fixes which were released in Drupal 5.21 or Drupal 6.15.

Reported by

The contact category XSS issue was independently reported by mr.baileys and Justin Klein Keane.
The menu description XSS issue was reported by mr.baileys.

Fixed by

The contact category XSS issue was fixed by Justin Klein Keane and Dave Reid.
The menu description XSS issue was fixed by Gábor Hojtsy and Heine Deelstra.

Contact

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.

Drupal version: 

Conferma la tua richiesta di iscrizione a perlulivo


Ciao [email protected],

Abbiamo ricevuto la tua richiesta di iscrizione al gruppo perlulivo 
uno dei gruppi che trovi su Yahoo! Gruppi, un servizio gratuito e
facile da usare per creare ed entrare a far parte di tante community.

Questa richiesta scade fra 7 giorni.

PER ISCRIVERTI AL GRUPPO DEVI: 

1) Andare su Yahoo! Gruppi cliccando su questo link:

   http://it.groups.yahoo.com/i?i=eecdlcvukwi1ahar5rvg4css40rxcxgk&e=announce-archive%40httpd%2Eapache%2Eorg


  (Se cliccando sul link non ti si apre una finestra di browser, prova
   a fare copiare l'indirizzo e incollarlo su una finestra di browser.)

-OPPURE-

2) RISPONDI a questo messaggio e-mail cliccando su pulsante "Rispondi"
   e poi su quelli di "Invia" sul tuo programma di posta

Se non hai richiesto questa iscrizione a perlulivo,
o non desideri più completarla, ignora questo messaggio..

Ciao,

Il team di Yahoo! Gruppi
L'utilizzo di Yahoo! Gruppi è soggetto alle  http://it.docs.yahoo.com/info/utos.html 

 





CVE-2009-4186

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. (CVSS:9.3) (Last Update:2009-12-04)