drupal6-devel
Page content
- Author: Miklos Vajna
- Vulnerable: 6.x_1.18-1
- Unaffected: 6.x_1.21-1locris1
A vulnerability has been reported in the Devel (Performance logging) module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via node paths is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the attacker has permissions to add url aliases and the victim has access to the reports of the performance module.
- Bug Tracker URL: http://bugs.frugalware.org/task/4290