=====================================================================
CERT-Renater Note d'Information No. 2010/VULN110
_____________________________________________________________________

DATE                 : 01/04/2010
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Taxonomy Filter for DRUPAL,
                       Taxonomy Breadcrumb for DRUPAL.
======================================================================

http://drupal.org/node/758756
http://drupal.org/node/758456
______________________________________________________________________

* Advisory ID: DRUPAL-SA-CONTRIB-2010-033
* Project: Taxonomy Filter (third-party module)
* Version: 6.x
* Date: 2010-March-31
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting

-------- DESCRIPTION ---------------------------------------------------------

The Taxonomy Filter module enables users to filter node listings by multiple
taxonomy terms across multiple vocabularies.

Vocabulary names, terms, and filter menus are not sanitized, creating a Cross
Site Scripting (XSS) vulnerability. Exploiting this vulnerability would allow a
malicious user to gain full administrative access, or worse.

To exploit the vulnerability a user would either need to have a role with
'administer taxonomy' permission or a site would need to use free tagging and a
user would need the ability to create a node that has free tagging enabled.

-------- VERSIONS AFFECTED ---------------------------------------------------

* Versions of Taxonomy Filter for Drupal 6.x prior to 6.x-1.1 [1]

Versions of Taxonomy Filter for Drupal 5.x are not affected.

Drupal core is not affected. If you do not use the 6.x version of the
contributed Taxonomy Filter module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

* If you use Taxonomy Filter for Drupal 6.x upgrade to Taxonomy Filter 6.x-1.1
  [2] or any later version.
Also see the Taxonomy Filter [3] project page.

-------- REPORTED BY ---------------------------------------------------------

* Dylan Wilder-Tack [4] of the Drupal security team.

-------- FIXED BY ------------------------------------------------------------

* Dylan Wilder-Tack [5] of the Drupal security team.
* Solotandem [6], the module maintainer

-------- CONTACT -------------------------------------------------------------

The security contact for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://drupal.org/node/622096
[2] http://drupal.org/node/622096
[3] http://drupal.org/project/taxonomy_filter
[4] http://drupal.org/user/96647
[5] http://drupal.org/user/96647
[6] http://drupal.org/user/240748

______________________________________________________________________
___________________________________________

* Advisory ID: DRUPAL-SA-CONTRIB-2010-032
* Project: Taxonomy Breadcrumb (third-party module)
* Versions: 6.x-1.x, 5.x-1.x
* Date: 2010-March-31
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting

-------- DESCRIPTION ---------------------------------------------------------

The Taxonomy Breadcrumb module generates taxonomy-based breadcrumbs on node
pages and taxonomy/term pages.

This module does not properly sanitize taxonomy term names and, for 6.x, node
titles when displayed in breadcrumbs, leading to a Cross Site Scripting (XSS
[1]) vulnerability.

XSS vulnerabilities may lead to compromise of administrative accounts or other
attacks against site visitors.

-------- VERSIONS AFFECTED ---------------------------------------------------

* Taxonomy Breadcrumb module for Drupal 6.x versions prior to 6.x-1.1.
* Taxonomy Breadcrumb module for Drupal 5.x versions prior to 5.x-1.5.

Drupal core is not affected. If you do not use the contributed Taxonomy
Breadcrumb module, there is nothing you need to do.
-------- SOLUTION ------------------------------------------------------------

Install the latest version.

* If you use the Taxonomy Breadcrumb module for Drupal 6.x-1.x upgrade to
  Taxonomy Breadcrumb 6.x-1.1 [2]
* If you use the Taxonomy Breadcrumb module for Drupal 5.x-1.x upgrade to
  Taxonomy Breadcrumb 5.x-1.5 [3]

-------- REPORTED BY ---------------------------------------------------------

* Martin Barbella [4]

-------- FIXED BY ------------------------------------------------------------

* Martin Barbella [5]
* Peter Wolanin [6] of the Drupal Security Team [7].

-------- CONTACT -------------------------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[2] http://drupal.org/node/757980
[3] http://drupal.org/node/757974
[4] http://drupal.org/user/633600
[5] http://drupal.org/user/633600
[6] http://drupal.org/user/49851
[7] http://drupal.org/security-team

======================================================================
=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44    +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41    +
+ 75013 Paris           | email: certsvp@renater.fr +
=========================================================
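Both advisories above describe the same defect class: taxonomy term names (and, for Taxonomy Breadcrumb 6.x, node titles) are user-controlled text that reaches page markup without output escaping. The following is an added illustration written for this note, not code from either module; it assumes the Drupal 6 API (l(), url(), check_plain(), drupal_set_breadcrumb()) and uses constructed node and term objects, with the function names being hypothetical.

```php
<?php
// Added example (not code from the Taxonomy Filter or Taxonomy Breadcrumb
// modules): the output-escaping defect on a Drupal 6 taxonomy breadcrumb.
// Term names and node titles are chosen by anyone with 'administer taxonomy'
// or by any user who can add free tags on a node form, so they are untrusted.

// Vulnerable pattern: untrusted strings are concatenated straight into HTML.
function example_taxonomy_breadcrumb_unsafe($node, $term) {
  $breadcrumb = array(l(t('Home'), '<front>'));
  // Raw term name inside a hand-built anchor: any markup in the name renders.
  $breadcrumb[] = '<a href="' . url('taxonomy/term/' . $term->tid) . '">'
    . $term->name . '</a>';
  // Raw node title as the last crumb: same problem.
  $breadcrumb[] = $node->title;
  drupal_set_breadcrumb($breadcrumb);
}

// Fixed pattern: every untrusted string is escaped before it becomes HTML.
function example_taxonomy_breadcrumb_safe($node, $term) {
  $breadcrumb = array(l(t('Home'), '<front>'));
  // l() runs check_plain() on its $text argument unless 'html' => TRUE is
  // passed, so the term name is escaped here.
  $breadcrumb[] = l($term->name, 'taxonomy/term/' . $term->tid);
  // A plain-text crumb never goes through l(); escape it explicitly.
  $breadcrumb[] = check_plain($node->title);
  drupal_set_breadcrumb($breadcrumb);
}

// Constructed objects standing in for a loaded node and term (field names
// follow what node_load() and taxonomy_get_term() return in Drupal 6).
// The benign <b> tag is enough to show the difference: the unsafe variant
// renders it as markup, the safe variant shows it as literal text.
$term = (object) array('tid' => 7, 'name' => 'News <b>not bold</b>');
$node = (object) array('nid' => 42, 'title' => 'Hello <b>not bold</b>');
example_taxonomy_breadcrumb_safe($node, $term);
```

In a review of either module, every place a term name, vocabulary name or node title is echoed into a filter menu or breadcrumb should follow the second pattern; check_plain() on a string that is already inside an l() call is harmless, while a missing one is exactly the bug fixed in 6.x-1.1 and 5.x-1.5.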