FreeBSD : drupal -- XSS (a6605f4b-4067-11de-b444-001372fd0af2)

high Nessus Plugin ID 38805

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Drupal Security Team reports :

When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input.

Certain byte sequences that are valid in the UTF-8 specification are potentially dangerous when interpreted as UTF-7. Internet Explorer 6 and 7 may decode these characters as UTF-7 if they appear before the <meta http-equiv='Content-Type' /> tag that specifies the page content as UTF-8, despite the fact that Drupal also sends a real HTTP header specifying the content as UTF-8. This enables attackers to execute cross site scripting attacks with UTF-7. SA-CORE-2009-005 - Drupal core - Cross site scripting contained an incomplete fix for the issue.
HTML exports of books are still vulnerable, which means that anyone with edit permissions for pages in outlines is able to insert arbitrary HTML and script code in these exports.

Additionally, the taxonomy module allows users with the 'administer taxonomy' permission to inject arbitrary HTML and script code in the help text of any vocabulary.

Solution

Update the affected packages.

See Also

http://drupal.org/node/461886

http://www.nessus.org/u?bd73c628

Plugin Details

Severity: High

ID: 38805

File Name: freebsd_pkg_a6605f4b406711deb444001372fd0af2.nasl

Version: 1.12

Type: local

Published: 5/18/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal5, p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/14/2009

Vulnerability Publication Date: 5/13/2009

Reference Information

Secunia: 35045