
====================================================================

                             CERT-Renater

                  Information Note No. 2012/VULN228
____________________________________________________________________

DATE                : 24/05/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running the Taxonomy List module for
                      Drupal 6.x, version 6.x-1.x prior to 6.x-1.4.

======================================================================
http://drupal.org/node/1597262
______________________________________________________________________

SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)
Posted by Drupal Security Team on May 23, 2012 at 4:08pm

    Advisory ID: DRUPAL-SA-CONTRIB-2012-083
    Project: Taxonomy List (third-party module)
    Version: 6.x
    Date: 2012-May-23
    Security risk: Moderately critical
    Exploitable from: Remote
    Vulnerability: Cross Site Scripting


Description

CVE: Requested

This module enables you to display the terms (and optionally nodes)
under categories.

The module does not sufficiently sanitize user-supplied text in the
taxonomy information.

This vulnerability is mitigated by the fact that an attacker must
have a role with permissions to create or edit taxonomy terms.
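To illustrate the class of bug the advisory describes (user-supplied taxonomy text placed into markup without escaping), the following is an added example in PHP; it is not code from the Taxonomy List module or from the Drupal Security Team. It shows a term name concatenated straight into an HTML link beside the same output passed through an inline stand-in for Drupal 6's check_plain(). The term record, its values and the function names render_term_link_unsafe and render_term_link_safe are constructed for the example; the stand-in mirrors only the escaping step of the real function, so the script runs without a Drupal installation.

```php
<?php
// Added example, not code from the Taxonomy List module: the vulnerable
// output pattern beside its hardened form.

// Stand-in for Drupal 6's check_plain(): HTML-escape a plain-text string
// so the browser shows it literally instead of interpreting it as markup.
// Drupal's real check_plain() also validates UTF-8; this mirrors only the
// escaping, so the example runs outside Drupal.
function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed taxonomy term record (hypothetical values). Term names are
// stored exactly as the editor typed them, markup included.
$term = array(
  'tid'  => 42,
  'name' => 'Tools & <em>Gadgets</em>',
);

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so any tags an editor put in the term name reach the browser unescaped.
function render_term_link_unsafe(array $term) {
  return '<a href="/taxonomy/term/' . $term['tid'] . '">'
       . $term['name'] . '</a>';
}

// Hardened pattern: every user-controlled value is escaped at output time
// (the numeric id is cast, the free-text name goes through check_plain()).
function render_term_link_safe(array $term) {
  return '<a href="/taxonomy/term/' . (int) $term['tid'] . '">'
       . check_plain($term['name']) . '</a>';
}

// Defensive check usable in a unit test: the rendered HTML must not contain
// the raw, unescaped term name when the name carries markup characters.
function name_is_escaped($html, $name) {
  return strpos($html, $name) === false;
}

// Show both renderings side by side and report the check result.
print "unsafe: " . render_term_link_unsafe($term) . "\n";
print "safe:   " . render_term_link_safe($term) . "\n";
print "unsafe escaped? "
    . (name_is_escaped(render_term_link_unsafe($term), $term['name']) ? 'yes' : 'no') . "\n";
print "safe escaped?   "
    . (name_is_escaped(render_term_link_safe($term), $term['name']) ? 'yes' : 'no') . "\n";
```

Run it with `php example.php`. In a real Drupal 6 module the equivalent fix is to pass term names and descriptions through check_plain() or filter_xss() at output time, or to build links with l(), which escapes its link text by default; the key point is that escaping belongs at the point of output, not at the point of storage.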


Versions affected

    Taxonomy List 6.x-1.x versions prior to 6.x-1.4.

The 6.x-2.x branch is not affected.

Drupal core is not affected. If you do not use the contributed
Taxonomy List module, there is nothing you need to do.


Solution

Install the latest version:

    If you use the Taxonomy List module for Drupal 6.x, upgrade to
    Taxonomy List 6.x-2.0.
    If you must use the 6.x-1.x branch of the Taxonomy List module
    for Drupal 6.x, upgrade to Taxonomy List 6.x-1.4 (which is no
    longer supported).

Also see the Taxonomy List project page.


Reported by

    Dylan Wilder-Tack of the Drupal Security Team


Fixed by

    Nancy Wichmann, the module maintainer


Coordinated by

    Lee Rowlands
    Forest Monsen of the Drupal Security Team


Contact and More Information

The Drupal security team can be reached at security at drupal.org
or via the contact form at http://drupal.org/contact.

Learn more about the Drupal Security team and their policies,
writing secure code for Drupal, and securing your site.


Categories: Drupal 6.x

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
