Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
drupalDrupal Security TeamDRUPAL-SA-2008-066
HistoryOct 15, 2008 - 12:00 a.m.

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

2008-10-1500:00:00
Drupal Security Team
www.drupal.org
3
JSON

Shindig-Integrator integrates the open social Shindig container with Drupal.

The module contains numerous flaws. Among them are the following issues.

  • Malicious users are able to insert arbitrary HTML and script code into certain module generated pages. Such a Cross site scripting vulnerability can be used to gain administrator access.
  • The module fails to restrict access to module generated pages.

Versions Affected

  • All versions of Shindig-Integrator

Drupal core is not affected. If you do not use the Shindig-Integrator module, there is nothing you need to do.

Solution

There is no solution available. Please disable the module and remove it from your site.

Reported by

  • The vulnerability was reported by Tony Mobily (mercmobily)
JSON