Drupal Share Buttons (AddToAny) Module Unspecified Cross Site Scripting Vulnerability UPDATED

Summary

Share Buttons (AddToAny) module for Drupal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/52777
The information has been provided by Kyle Small.


Details

Vulnerable Systems:
 * Drupal Share Buttons (AddToAny) 6.x-3.x

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:
http://drupal.org/project/addtoany

CVE Information:
CVE-2012-2072

Disclosure Timeline:
Published:Mar 29 2012
Updated:Aug 16 2012

Categories: News