Info

Disclosure

Sep 20, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Drupal Site Profile Directory module contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'title' variables upon submission to a profile listing script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Upgrade to either version 4.6 revision 1.1.2.1 or 4.7 revision 1.2.2.1 of the Drupal Site Profile Directory module, as both versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Drupal	Site Profile Directory	4.6 revision 1.1.2.1
		4.7 revision 1.2.2.1
		4.6 revision 1.1
		4.7 revision 1.2

References

CVE ID: 2006-4949 (see also: NVD)
Secunia Advisory ID: 22035
VUPEN Advisory: ADV-2006-3714
Keyword: DRUPAL-SA-2006-021
Vendor Specific Advisory URL: http://drupal.org/node/85048
Packet Storm: http://packetstormsecurity.org/0609-advisories/sa22035.txt

Credit

Ben Reser - -

Direct URL: http://osvdb.org/29029