• Advisory ID: DRUPAL-SA-CONTRIB-2010-033
  • Project: Taxonomy Filter (third-party module)
  • Version: 6.x
  • Date: 2010-March-31
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Description

The Taxonomy Filter module enables users to filter node listings by multiple taxonomy terms across multiple vocabularies. The module does not sanitize vocabulary names and term names before placing them in the filter menus it renders, creating a Cross Site Scripting (XSS) vulnerability. Because the injected script runs in the browser of any user who views a page containing the filter, including site administrators, a malicious user could use it to act with that administrator's session and gain full administrative access to the site. To exploit the vulnerability a user needs to control a vocabulary or term name: either a role with the 'administer taxonomy' permission, or, on a site that uses free tagging, the ability to create a node in a content type that has a free-tagging vocabulary enabled.
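
The following PHP script is an added example, not code from the Taxonomy Filter module or from the Drupal security team. It reproduces the class of bug the advisory describes: vocabulary and term names, which a user with 'administer taxonomy' or free-tagging node access controls, concatenated into a filter menu without escaping, shown beside a hardened rendering. The check_plain() defined here is a local stand-in that mirrors what Drupal 6's check_plain() does (htmlspecialchars with ENT_QUOTES) so the script runs without a Drupal bootstrap; the vocabulary and term records, the function names taxonomy_filter_menu_vulnerable() and taxonomy_filter_menu_fixed(), and the payloads are all constructed for the example.

```php
<?php
// Added example, not the Taxonomy Filter module's own code.

// Local stand-in for Drupal 6's check_plain(): escape &, <, >, " and ' so a
// string is safe in element content and in double- or single-quoted attributes.
function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data: a vocabulary whose name was set by a user with
// 'administer taxonomy', and a free-tagging term whose name a tagging user
// typed into a node form. Both carry script payloads.
$vocabulary = (object) array(
  'vid'  => 1,
  'name' => 'Topics <img src=x onerror=alert(1)>',
);
$terms = array(
  (object) array('tid' => 7, 'name' => 'php'),
  (object) array('tid' => 8, 'name' => '"><script>alert(document.cookie)</script>'),
);

// Vulnerable rendering: raw names are interpolated into markup. The vocabulary
// name injects an element into the label; the second term name closes the
// title attribute and injects a script element into the option.
function taxonomy_filter_menu_vulnerable($vocabulary, $terms) {
  $output = '<label>' . $vocabulary->name . '</label>';
  $output .= '<select name="tid[' . $vocabulary->vid . ']">';
  foreach ($terms as $term) {
    $output .= '<option value="' . $term->tid . '" title="' . $term->name . '">'
             . $term->name . '</option>';
  }
  return $output . '</select>';
}

// Hardened rendering: every user-controlled string passes through check_plain()
// before it is placed in element content or an attribute value, and numeric
// IDs are cast to int so they cannot carry markup either.
function taxonomy_filter_menu_fixed($vocabulary, $terms) {
  $output = '<label>' . check_plain($vocabulary->name) . '</label>';
  $output .= '<select name="tid[' . (int) $vocabulary->vid . ']">';
  foreach ($terms as $term) {
    $name = check_plain($term->name);
    $output .= '<option value="' . (int) $term->tid . '" title="' . $name . '">'
             . $name . '</option>';
  }
  return $output . '</select>';
}

// Crude review check: does a tag that the function itself never emits survive
// in the output? Only the vulnerable rendering should match.
function contains_injected_tag($html) {
  return (bool) preg_match('/<(script|img)\b/i', $html);
}

$vulnerable = taxonomy_filter_menu_vulnerable($vocabulary, $terms);
$fixed      = taxonomy_filter_menu_fixed($vocabulary, $terms);

echo "vulnerable: $vulnerable\n";
echo "fixed:      $fixed\n";
echo 'injected tag in vulnerable output: ' . var_export(contains_injected_tag($vulnerable), true) . "\n";
echo 'injected tag in fixed output:      ' . var_export(contains_injected_tag($fixed), true) . "\n";
```

Run it with `php example.php`. In a real Drupal 6 module the cleaner fix is to build the filter menu through the Form API as a '#type' => 'select' element with an '#options' array, which applies check_plain() to option keys and labels itself, instead of hand-assembling markup; where markup is assembled by hand, every vocabulary and term name must go through check_plain() at the point it is output, since free tagging means term names are attacker-controlled on any site where ordinary users can create tagged nodes.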

Versions affected

  • Versions of Taxonomy Filter for Drupal 6.x prior to 6.x-1.1

Versions of Taxonomy Filter for Drupal 5.x are not affected. Drupal core is not affected. If you do not use the 6.x version of the contributed Taxonomy Filter module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use Taxonomy Filter for Drupal 6.x upgrade to Taxonomy Filter 6.x-1.1 or any later version.

Also see the Taxonomy Filter project page.

Reported by

Fixed by

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.