Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Cross Site Scripting (XSS) Vulnerability in Drupal Site Banner Module

 

Systems Affected


• Drupal 7.x

Threat Level


Medium


Overview


Vulnerability has been reported in Site Banner module of Drupal which could be exploited by a remote attacker to conduct Cross Site Scripting (XSS) attacks.


Description


This vulnerability exists in the Site Banner module which fails to properly sanitize input before printing the existing context settings. A malicious user could exploit this vulnerability to conduct Cross Site Scripting (XSS) attacks in context of the affected site.
Note: Successful exploitation of this issue requires that the attacker must possess a role with the permission "Administer contexts" from the Context UI module.


Impact



Solution/ Workarounds


Apply appropriate updates as mentioned in Drupal Security Advisory

https://www.drupal.org/node/2324689


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.