Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2012-062
- Project: Creative Commons (third-party module)
- Version: 6.x
- Date: 2012-April-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
The Creative Commons module allows users to select and assign a Creative Commons license to a node and any attached content, or to the entire site. The module did not sufficiently filter the text describing licenses. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer creative commons".
- Creative Commons 6.x-1.x versions prior to 6.x-1.1.
Drupal core is not affected. If you do not use the contributed Creative Commons module, there is nothing you need to do.
Install the latest version:
- If you use the Creative Commons module for Drupal 6.x, upgrade to Creative Commons 6.x-1.1
Also see the Creative Commons project page.
- Kevin Reynen the module maintainer
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.