Drupal 5.17 Cross Site Scripting

Date: 10 May 2009
Reported by: Justin C. Klein Keane
Type: packetstorm
Source: packetstormsecurity.com

Drupal 5.17 Taxonomy module XSS vulnerability

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Drupal 5.17 Taxonomy (Core) Module Contains XSS Vulnerability  
  
May 7, 2009  
Version tested: Drupal 5.17  
http://lampsecurity.org/drupal-taxonomy-vulnerability  
  
Drupal (http://drupal.org) is a robust content management system (CMS)  
written in PHP and supported by a MySQL database. The power of Drupal  
systems is extended by various modules. Most modules are developed by  
third parties, but there is a set of "core" modules that are provided as  
part of a standard Drupal installation.  
  
Drupal 5.17 Taxonomy module, which is part of the Drupal core and is  
enabled by default upon installation, contains a cross site scripting  
vulnerability that allows users with the 'administer taxonomy'  
permission to inject arbitrary HTML in the help text of any Category  
vocabulary. This arbitrary HTML will be displayed when any user  
attempts to create new content associated with the taxonomy.  
  
Proof of concept:  
  
1. Log in to Drupal 5.17 as a user with administer taxonomy permissions  
2. Create a new content category using Administer -> Categories -> Add  
Vocabulary  
3. Enter arbitrary <script>alert('xss');</script> in the 'Help text:'  
field, check the 'Page' and 'Story' checkboxes under 'Types' and fill  
out arbitrary values for other fields.  
4. Click 'Submit'  
5. Create new content by clicking the 'Create content' link and then  
click either 'Page' or 'Story'  
6. A JavaScript alert will appear  
  
This vulnerability is especially dangerous as it targets content  
creators, who are likely to have elevated privileges in Drupal. Extreme  
care should be given to those users granted the 'administer taxonomy'  
privilege until a fix is available.  
  
- --  
Justin C. Klein Keane  
http://www.MadIrish.net  
http://www.LAMPSecurity.org  
`
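
The difference between writing stored help text into a form raw and encoding it on output, as an added example that is not part of the original advisory and is not Drupal's code. It is plain PHP; the function names, the `$vocabulary` array layout and the sample rows are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not Drupal's code. Function names and the
// $vocabulary array layout are hypothetical.

// Vulnerable pattern: stored help text goes into the form markup unchanged.
function render_help_unsafe(array $vocabulary): string
{
    return '<div class="description">' . $vocabulary['help'] . '</div>';
}

// Fix 1: treat help text as plain text and HTML-encode it on output.
function render_help_escaped(array $vocabulary): string
{
    $text = htmlspecialchars($vocabulary['help'], ENT_QUOTES, 'UTF-8');
    return '<div class="description">' . $text . '</div>';
}

// Fix 2: allow light formatting. Encode everything first, then restore only
// exact, attribute-free tags from a short allowlist. A tag that carries
// attributes (for example an event handler) never matches and stays encoded.
function render_help_limited(array $vocabulary): string
{
    $text = htmlspecialchars($vocabulary['help'], ENT_QUOTES, 'UTF-8');
    $text = preg_replace('#&lt;(/?)(em|strong|code)&gt;#i', '<$1$2>', $text);
    return '<div class="description">' . $text . '</div>';
}

// Constructed sample rows: the help text from step 3 of the proof of concept,
// harmless formatting, and an allowlisted tag name carrying an attribute.
$samples = [
    ['name' => 'Topics', 'help' => "<script>alert('xss');</script>"],
    ['name' => 'Tags',   'help' => 'Pick <em>one</em> term'],
    ['name' => 'Areas',  'help' => '<em onmouseover="alert(1)">hover</em>'],
];

foreach ($samples as $vocabulary) {
    echo $vocabulary['name'], "\n";
    echo '  unsafe:  ', render_help_unsafe($vocabulary), "\n";
    echo '  escaped: ', render_help_escaped($vocabulary), "\n";
    echo '  limited: ', render_help_limited($vocabulary), "\n";
}
```

Encoding happens at render time, so values already stored by an 'administer taxonomy' user are neutralised without touching the database.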
