=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2011/VULN239
_____________________________________________________________________

DATE                      : 18/03/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Tagadelic for DRUPAL version 6.x prior to 6.x-1.3.

======================================================================
http://drupal.org/node/1095030
______________________________________________________________________

SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)
Posted by Drupal Security Team on March 16, 2011 at 7:20pm

     * Advisory ID: DRUPAL-SA-CONTRIB-2011-013
     * Project: Tagadelic (third-party module)
     * Version: 6.x
     * Date: 2011-March-16
     * Security risk: Moderately Critical (definition of risk levels)
     * Exploitable from: Remote
     * Vulnerability: Cross Site Scripting

Description

Tagadelic module offers various ways to display terms and vocabularies
in a tag cloud on a page or in a block. The module does not sanitize the
taxonomy vocabulary names and descriptions when displayed on listing pages
or blocks, leading to a Cross-Site Scripting (XSS) vulnerability that may
lead to a malicious user gaining full administrative access.

This vulnerability is mitigated by the fact that the user must be able
to create or edit taxonomy vocabularies, normally restricted by the
"administer taxonomy" permission, in order to exploit it.

Versions affected

     * Tagadelic module 6.x-1.x versions prior to 6.x-1.3

Note: If you do not use the contributed Tagadelic module, there is nothing
you need to do.

Solution

Install the latest version:

     * If you use the Tagadelic module for Drupal 6.x-1.x upgrade to
Tagadelic 6.x-1.3

See also the Tagadelic project page.

Reported by

     * Greg Knaddison (greggles) of the Drupal Security Team

Fixed by

     * Bèr Kessels, module maintainer

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via
the form at http://drupal.org/contact. Learn more about the team and their
policies, writing secure code for Drupal, and secure configuration of your
site.

Categories: Drupal 6.x


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================