Drupal Answers 5.x-1.x-dev XSS Vulnerability
Drupal is a robust content management system (CMS) that provides extensibility through hundreds of third-party modules. While the security of Drupal core modules is vetted by a central security team, third-party modules are not reviewed for security.
Version 5.x-1.1-dev, dated 2008-May-22, was tested and shown vulnerable.
Testing for Vulnerability
Entering a value of "<script>alert('foo');</script>" as an answer will cause an alert box with the text "foo" to appear whenever the answer is displayed.
The answers.info page for vulnerable versions displays the following information:
; $Id: answers.info,v 1.1 2008/01/09 05:12:23 amanuel Exp $
name = Questions
description = Allows users track their questions.
package = "Answers"

; Information added by drupal.org packaging script on 2008-05-22
version = "5.x-1.x-dev"
project = "answers"
datestamp = "1211414452"
Determining version information on Drupal sites is trivial in many cases (ref http://www.madirish.net/?article=214).
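For administrators checking their own installations, the following added example (not part of the original advisory or the Answers module) parses .info text like the file shown above and flags the release reported here. The function names and the rule of matching on project and version are assumptions of this example; because dev snapshots keep the same version string, the datestamp is reported as well so builds can be compared.

```python
import re

# Constructed sample: the answers.info contents quoted in the advisory.
SAMPLE_INFO = '''; $Id: answers.info,v 1.1 2008/01/09 05:12:23 amanuel Exp $
name = Questions
description = Allows users track their questions.
package = "Answers"

; Information added by drupal.org packaging script on 2008-05-22
version = "5.x-1.x-dev"
project = "answers"
datestamp = "1211414452"
'''

# (project, version) pairs this advisory reports as vulnerable.
VULNERABLE = {("answers", "5.x-1.x-dev")}
_LINE = re.compile(r'^([A-Za-z0-9_\[\] ]+?)\s*=\s*(.*)$')

def parse_info(text):
    """Parse Drupal .info text into a dict; lines starting with ';' are comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _LINE.match(line)
        if not m:
            continue  # not a key = value line, ignore it
        key, value = m.group(1), m.group(2).strip()
        # Values may be wrapped in one pair of matching quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values

def audit(text):
    """Return the identifying fields and whether they match the advisory."""
    info = parse_info(text)
    ident = (info.get("project"), info.get("version"))
    return {"project": ident[0], "version": ident[1],
            "datestamp": info.get("datestamp"),
            "vulnerable": ident in VULNERABLE}

if __name__ == "__main__":
    print(audit(SAMPLE_INFO))
```

To audit a site, pass the contents of each module's .info file under the Drupal modules directory to audit().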