Drupal Answers Module 5.x-1.x-dev XSS Vulnerability
Drupal is a robust content management system (CMS) that provides extensibility through hundreds of third party modules. While the security of Drupal core modules is vetted by a central security team, third party modules are not reviewed for security.
5.x-1.x-dev, dated 2008-May-22 was tested and shown vulnerable.
Testing for Vulnerability
Entering a value of "<script>alert('foo');</script>" as an answer will cause an alert box with the text "foo" to appear whenever the answer is displayed.
Depending on configuration, this vulnerability allows unauthenticated users to remotely inject malicious content that could be displayed to all web site users. Such content could include links to malware that could lead to possible system compromise.
The answers.info page for vulnerable versions displays the following information:
; $Id: answers.info,v 1.1 2008/01/09 05:12:23 amanuel Exp $ name = Questions description = Allows users track their questions. package = "Answers" ; Information added by drupal.org packaging script on 2008-05-22 version = "5.x-1.x-dev" project = "answers" datestamp = "1211414452"
Determining version information on Drupal sites is trivial in many cases (ref http://www.madirish.net/?article=214).
The module developer has not responded to contact attempts.