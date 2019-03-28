Vigil@nce - Drupal Module Filter: Cross Site Scripting

May 2019 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can trigger a Cross Site Scripting of Drupal Module Filter, in order to run JavaScript code in the context of the web site.

Impacted products: Drupal Modules not comprehensive.

Severity: 2/4.

Consequences: client access/rights.

Provenance: document.

Confidence: confirmed by the editor (5/5).

Creation date: 28/03/2019.

DESCRIPTION OF THE VULNERABILITY

The Module Filter module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Module Filter, in order to run JavaScript code in the context of the web site.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

