Drupal Book Block Module Book Title HTML Injection Vulnerability

Summary

The Book Block module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54371
The information has been provided by Zach Alexander .


Details

Vulnerable Systems:
 * Drupal Book Block Module Book Title HTML Injection Vulnerability

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.Book Block 6.x-1.0-Beta1 is vulnerable.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Jul 09 2012

Categories: News