DRUPAL-SA-2006-013: Recipe module

By Gerhard Killesreiter on 7 Aug 2006 at 21:12 UTC

Advisory ID: DRUPAL-SA-2006-013
Project: Recipe
Date: 2006-Aug-07
Security risk: less critical
Exploitable from: remote
Vulnerability: Cross site scripting

Description

It is possible for a malicious user to insert and execute XSS, due to lack of validation on output.

Versions affected

Please check the CVS $Id$ field in the file recipe.module to determine whether the version you are running is vulnerable. Versions older than the following are vulnerable:

// $Id: recipe.module,v 1.54 2006/08/06 12:20:49 marble Exp $

Drupal core is not affected. If you do not use the Recipe module, there is nothing you need to do.

Solution

Install the latest release of Recipe.

Reported by

Kae.

Contact

The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact.

DRUPAL-SA-2006-013: Recipe module

Description

Versions affected

Solution

Reported by

Contact

New forum topics

News items

Our community

Documentation

Drupal code base

Governance of community