  • Advisory ID: DRUPAL-SA-CONTRIB-2010-061
  • Project: AddonChat (third-party module)
  • Version: 6.x-1.x
  • Date: 2010-May-26
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Privilege Escalation, Cross-site scripting)

Description

The AddonChat module provides Drupal integration with the AddonChat Java chat room.

Because the module's custom addonchat_auth.php script handles the global $user object unsafely, a failed authentication attempt against that script leaves the attacker logged in as the user they chose.
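As an added illustration (not the module's own code, and the advisory does not show the exact defect in addonchat_auth.php), the following sketch contrasts an authentication script that loads the target account into the global $user before verifying the password with one that only sets the global on success. It assumes a Drupal 6 site, a chat server that POSTs the hypothetical fields `name` and `pass` to the script, and the Drupal 6 API functions user_load(), user_authenticate() and drupal_anonymous_user(); the script location and the function names addonchat_auth_unsafe() and addonchat_auth_safe() are invented for the example.

```php
<?php
// Added illustration of the unsafe $user handling and its fix; not the module's code.
// Assumes Drupal 6 and a chat server that POSTs 'name' and 'pass' (hypothetical fields).
chdir('../../..');                         // hypothetical: script lives under sites/all/modules/addonchat
require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

$name = isset($_POST['name']) ? $_POST['name'] : '';
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';

// VULNERABLE pattern: the requested account is assigned to the global $user
// before the password is checked. On failure the global is never reset, so the
// session Drupal writes at the end of the request belongs to the chosen account
// and the caller ends up logged in as that user.
function addonchat_auth_unsafe($name, $pass) {
  global $user;
  $user = user_load(array('name' => $name));        // global now points at the target account
  if ($user && md5($pass) == $user->pass) {         // Drupal 6 stores unsalted md5 hashes
    return TRUE;
  }
  return FALSE;                                     // BUG: $user still holds the loaded account
}

// HARDENED pattern: verify credentials first. user_authenticate() sets the
// global $user and the session only when name and password match; on failure
// the request is explicitly left anonymous.
function addonchat_auth_safe($name, $pass) {
  global $user;
  $account = user_authenticate(array('name' => $name, 'pass' => $pass));
  if ($account) {
    return TRUE;                                    // $user and session already set by Drupal
  }
  $user = drupal_anonymous_user();                  // never leave a partially set global behind
  return FALSE;
}

header('Content-Type: text/plain');
print addonchat_auth_safe($name, $pass) ? 'OK' : 'FAIL';
```

The defensive rule the fix encodes is that nothing touches the global $user until the credentials have been verified by Drupal's own login path, and that every failure branch leaves the request anonymous.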

Additionally, several configuration variables are not escaped correctly before being output, leading to a cross-site scripting vulnerability: users with the "access administration pages" permission could add arbitrary HTML and JavaScript to pages.
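As an added illustration of the escaping defect (not the module's own code; the advisory does not name the affected variables), the functions below print an administrator-set configuration value once unescaped and once escaped on output. They assume a Drupal 6 module and the Drupal 6 API functions variable_get(), check_plain() and filter_xss_admin(); the variable names addonchat_room_title and addonchat_intro_html and the function names are invented for the example.

```php
<?php
// Added illustration of the configuration-variable XSS and its fix; not the module's code.
// Assumes Drupal 6; variable names below are hypothetical.

// VULNERABLE: the stored value is concatenated into markup unescaped, so anyone
// allowed to edit the setting can store <script>...</script> or an onerror
// handler and have it rendered for every visitor of the chat page.
function addonchat_page_unsafe() {
  $title = variable_get('addonchat_room_title', 'Chat');
  return '<h2>' . $title . '</h2>';
}

// FIXED: escape on output. check_plain() converts &, <, >, " and ' to entities,
// so the value is displayed as text whatever it contains.
function addonchat_page_safe() {
  $title = variable_get('addonchat_room_title', 'Chat');
  return '<h2>' . check_plain($title) . '</h2>';
}

// Where a setting legitimately carries some markup, filter_xss_admin() keeps
// a broad tag whitelist but still removes script tags and on* event handlers.
function addonchat_page_safe_markup() {
  $intro = variable_get('addonchat_intro_html', '');
  return '<div class="addonchat-intro">' . filter_xss_admin($intro) . '</div>';
}
```

The point for a reviewer is that "access administration pages" is a much weaker grant than "administer site configuration", so a value an administrator types into a settings form must still be treated as untrusted when it is echoed back into page markup.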

Versions affected

  • AddonChat module for Drupal 6.x versions prior to 6.x-1.2

Drupal core is not affected. If you do not use the contributed AddonChat module, there is nothing you need to do.

Solution

Install the latest version: if you use the AddonChat module for Drupal 6.x, upgrade to AddonChat 6.x-1.2 or later.

Reported by

Fixed by

Contact

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.

Read more about the Security Team and Security Advisories at http://drupal.org/security.