Drupal Security Team, DRUPAL-SA-CONTRIB-2010-002
Jan 06, 2010 - 12:00 a.m.

SA-CONTRIB-2010-002 - Currency Exchange - Cross site scripting

2010-01-06 00:00:00
Drupal Security Team
www.drupal.org
7

EPSS: 0.967 (percentile: 99.7%)

This module provides a site with the ability to display currency exchange rates. The module does not sanitize some of the user-supplied data before logging it to the watchdog, leading to a cross-site scripting (XSS) vulnerability.
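
The pattern described above, as an added PHP illustration (not the Currency Exchange module's code and not Drupal's own). The `demo_*` functions are hypothetical stand-ins that model how Drupal 6 stores a watchdog() message and escapes `@` placeholder values with check_plain() when the log is viewed; the sample input and message text are constructed.

```php
<?php
// Added illustration; NOT the Currency Exchange module's code.
// demo_* functions are hypothetical stand-ins modelling Drupal 6 behaviour.

// Models check_plain(): HTML-escape a string before it is output.
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Models the log viewer: the stored message is treated as trusted markup,
// and only values substituted for @placeholders are escaped.
function demo_render_log_entry($message, array $variables = array()) {
  if (!$variables) {
    return $message; // No placeholders: the message is output as stored.
  }
  $escaped = array();
  foreach ($variables as $key => $value) {
    $escaped[$key] = demo_check_plain($value);
  }
  return strtr($message, $escaped);
}

// Constructed sample of user-supplied data that ends up in a log entry.
$value = '<script>alert(1)</script>';

// Vulnerable pattern: user data concatenated into the message string,
// so markup in $value reaches the administrator's browser unescaped.
$unsafe = demo_render_log_entry('Lookup failed for ' . $value);

// Hardened pattern: constant message, user data passed as a placeholder.
// In Drupal 6 this corresponds to:
//   watchdog('example', 'Lookup failed for @value', array('@value' => $value));
$safe = demo_render_log_entry(
  'Lookup failed for @value',
  array('@value' => $value)
);

// Report whether raw markup survived in each rendered entry.
foreach (array('unsafe' => $unsafe, 'safe' => $safe) as $label => $html) {
  $raw = strpos($html, '<script') !== FALSE ? 'yes' : 'no';
  echo "$label: raw markup present = $raw\n";
}
```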

Versions affected

  • Currency Exchange versions prior to 6.x-1.2

Drupal core is not affected. If you do not use the contributed Currency Exchange module, there is nothing you need to do.

Solution

Install the latest version: upgrade to Currency Exchange 6.x-1.2.

See also the Currency Exchange module project page.

Reported by

mr.baileys

Fixed by

mr.baileys and kbahey, one of the module’s maintainers.
