Drupal Book Block Module Book Title HTML Injection Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/54371
The information has been provided by Zach Alexander .
* Drupal Book Block Module Book Title HTML Injection Vulnerability
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.Book Block 6.x-1.0-Beta1 is vulnerable.
Currently we are not aware of any vendor-supplied patches
Initial Release: Jul 09 2012