By Gerhard Killesreiter on
- Advisory ID: DRUPAL-SA-2006-013
- Project: Recipe
- Date: 2006-Aug-07
- Security risk: less critical
- Exploitable from: remote
- Vulnerability: Cross site scripting
Description
A malicious user can insert and execute cross-site scripting (XSS) code because the module does not validate its output.
Versions affected
Please check the CVS $Id$ field in the file recipe.module to determine whether the version you are running is vulnerable. Versions older than the following are vulnerable:
// $Id: recipe.module,v 1.54 2006/08/06 12:20:49 marble Exp $
Drupal core is not affected. If you do not use the Recipe module, there is nothing you need to do.
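The version check described above, written as a script. This is an added example, not part of the original advisory or the Recipe project; the function names and every sample header other than the 1.54 line are constructed for illustration, and reporting branch revisions as unknown is a conservative assumption.

```python
import re

# Header of the fixed revision, as quoted in the advisory.
FIXED_ID = "// $Id: recipe.module,v 1.54 2006/08/06 12:20:49 marble Exp $"

# Expanded CVS keyword: $Id: <file>,v <revision> <date> <time> <author> <state> $
ID_RE = re.compile(r"\$Id:\s*(?P<file>\S+),v\s+(?P<rev>\d+(?:\.\d+)+)\s")


def parse_cvs_id(text):
    """Return (filename, revision as a tuple of ints) or None if not expanded."""
    m = ID_RE.search(text)
    if m is None:
        return None
    return m.group("file"), tuple(int(p) for p in m.group("rev").split("."))


def classify(module_source):
    """Classify recipe.module source as 'vulnerable', 'fixed' or 'unknown'."""
    parsed = parse_cvs_id(module_source)
    if parsed is None or parsed[0] != "recipe.module":
        return "unknown"  # bare $Id$ (keyword not expanded) or a different file
    rev = parsed[1]
    if len(rev) != 2:
        # Branch revision such as 1.40.2.3: not comparable with the trunk
        # number in the advisory, so flag it for manual review (assumption).
        return "unknown"
    fixed_rev = parse_cvs_id(FIXED_ID)[1]
    # Compare component-wise as integers: 1.9 is older than 1.54, although
    # a plain string comparison would order them the other way round.
    return "fixed" if rev >= fixed_rev else "vulnerable"


if __name__ == "__main__":
    # Constructed sample headers; only the 1.54 line comes from the advisory.
    samples = [
        FIXED_ID,
        "// $Id: recipe.module,v 1.9 2005/03/01 09:00:00 marble Exp $",
        "// $Id: recipe.module,v 1.40.2.3 2006/07/01 09:00:00 marble Exp $",
        "// $Id$",
    ]
    for line in samples:
        print(classify(line), "<-", line)
```

To check an installed copy, pass the contents of recipe.module to `classify()`; an "unknown" result means the header has to be inspected by hand.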
Solution
Install the latest release of Recipe.
Reported by
Kae.
Contact
The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact.