drupal-date
Page content
- Author: Miklos Vajna
- Vulnerable: 5.x_2.7-1
- Unaffected: 5.x_2.8-1getorin1
A vulnerability has been reported in the Date module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed in the page title. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires privileges to post date content.
- Bug Tracker URL: http://bugs.frugalware.org/task/3951
CVEs:
- No CVE references, see http://drupal.org/node/579144.