drupal6-captcha
Page content
- Author: Miklos Vajna
- Vulnerable: 5.x_3.2-1
- Unaffected: 5.x_3.3-1locris1
A vulnerability has been reported in the CAPTCHA module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the CAPTCHA description is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires “administer CAPTCHA settings” permissions.
- Bug Tracker URL: http://bugs.frugalware.org/task/4220
CVEs:
- No CVE references, see http://drupal.org/node/803566.