
Drupal Devel module < 6.x-1.22 Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to a cross-site scripting attack.

Description

The remote web server hosts a Drupal install that uses the Devel module, a performance logging component.

Versions of the Drupal Devel module earlier than 6.x-1.22 are potentially affected by a cross-site scripting vulnerability because the application fails to properly sanitize URLs composed of node paths. A remote attacker with the ability to add URL aliases could exploit this flaw to execute arbitrary script code in a user's browser.

Solution

Upgrade to Drupal Devel module 6.x-1.22 or later.
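
To confirm whether an install still needs the upgrade, the check below is an added example, not code from this advisory or from the Devel project. It assumes the module's .info file carries a `version` line in Drupal's contrib version format; the function names and the sample .info text are constructed for illustration.

```python
import re

FIXED = (1, 22)  # first fixed release named in the advisory: 6.x-1.22

# Contrib version format: <core>.x-<major>.<patch>[-extra], or <core>.x-<major>.x-dev
_VERSION_RE = re.compile(r'^(\d+)\.x-(\d+)\.(\d+|x)(?:-([A-Za-z0-9]+))?$')
_INFO_RE = re.compile(r'^\s*version\s*=\s*"?([^"\s]+)"?\s*$', re.M)

# Constructed sample of a module .info file (not taken from a real install).
SAMPLE_INFO = '''name = Devel
package = Development
core = 6.x
version = "6.x-1.21"
'''

def info_version(info_text):
    """Return the version string from .info file contents, or None if absent."""
    m = _INFO_RE.search(info_text)
    return m.group(1) if m else None

def devel_status(version):
    """Classify a version as 'affected', 'fixed', 'not-applicable' or 'unknown'."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"            # missing or unparseable: inspect by hand
    core, major, patch, extra = m.groups()
    if core != "6":
        return "not-applicable"     # the advisory covers the 6.x branch only
    if patch == "x":
        return "unknown"            # dev snapshot cannot be ordered against a release
    release = (int(major), int(patch))  # numeric compare, so 1.9 < 1.22
    if release < FIXED:
        return "affected"
    if release == FIXED and extra:
        return "affected"           # e.g. 6.x-1.22-rc1 orders before final 6.x-1.22
    return "fixed"

if __name__ == "__main__":
    v = info_version(SAMPLE_INFO)
    print(v, devel_status(v))
```

An "unknown" result (dev snapshot or no version line) should be treated as needing manual review rather than as safe.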