Posted by ben.bunk on August 11, 2010 at 10:27pm
| Download | Size | md5 hash |
|---|---|---|
| govdelivery-6.x-1.1.tar.gz | 13.86 KB | aea3ea1e130582e5f3ceeae743173b7f |
| govdelivery-6.x-1.1.zip | 15.8 KB | bc771cb0c278121ee5413c302f6cb8d7 |
Last updated: December 24, 2010 - 23:07
SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting
The GovDelivery module provides integration with the GovDelivery On-Demand Mailer service, a web service for GovDelivery customers that sends messages directly based on configured account information. The module replaces the backend of SMTP library in your Drupal site with calls to the GovDelivery service, so all mail sent from your site uses the ODM service.
The module does not sanitize some of the user-supplied data before displaying it (for Drupal 6.x-1.0 only), leading to a Cross Site Scripting (XSS).
For more information see the Security Advisory at: http://drupal.org/node/880698