Lucene search

K
drupalDrupal Security TeamDRUPAL-SA-CONTRIB-2009-098
HistoryNov 04, 2009 - 12:00 a.m.

SA-CONTRIB-2009-098 - Zoomify - Cross Site Scripting

2009-11-0400:00:00
Drupal Security Team
www.drupal.org
8
zoomify
drupal
cross site scripting
vulnerability
upgrade
dylan wilder-tack
karim ratib

EPSS

0.967

Percentile

99.7%

The Zoomify module integrates the Zoomify Flash applet into Drupal which can be used to pan and zoom on large images. Images are first preprocessed in order for Zoomify to work. The module fails to sanitize a value in the node title, leading to a Cross Site Scripting (XSS) vulnerability.

Versions affected

Drupal core is not affected. If you do not use the contributed Zoomify module, there is nothing you need to do.

Solution

Upgrade to the latest version:

Reported by

Fixed by

EPSS

0.967

Percentile

99.7%