Shindig-Integrator integrates the OpenSocial Shindig container with Drupal.
The module contains numerous flaws, including the following issues:
- Malicious users are able to insert arbitrary HTML and script code into certain module-generated pages. Such a cross-site scripting (XSS) vulnerability can be used to gain administrator access.
- The module fails to restrict access to module-generated pages.
Versions Affected
- All versions of Shindig-Integrator
Drupal core is not affected. If you do not use the Shindig-Integrator module, there is nothing you need to do.
Solution
There is no solution available. Please disable the module and remove it from your site.
Reported by
- The vulnerability was reported by Tony Mobily (mercmobily)