Full Disclosure mailing list archives
Re: Drupal XML Sitemap 6.x-1.1 XSS Vulnerability
From: Andrew Farmer <andfarm () gmail com>
Date: Thu, 15 Oct 2009 18:10:24 -0700
On 15 Oct 2009, at 07:24, Justin Klein Keane wrote:
Applying the following patch mitigates these threats. - --- site_map/site_map.module 2009-09-30 15:09:49.295134033 -0400 +++ site_map/site_map.module 2009-09-30 15:09:30.011119976 -0400 @@ -14,7 +14,7 @@ function site_map_help($path, $arg) { switch ($path) { case 'sitemap': $output = _sitemap_get_message(); - - - return $output ? '<p>'. filter_xss($output) .'</p>' : ''; + return $output ? '<p>'. $output .'</p>' : ''; } }
Surely that should be the other way around? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Drupal XML Sitemap 6.x-1.1 XSS Vulnerability Justin Klein Keane (Oct 15)
- Re: Drupal XML Sitemap 6.x-1.1 XSS Vulnerability Andrew Farmer (Oct 15)
- Re: Drupal XML Sitemap 6.x-1.1 XSS Vulnerability Jan G.B. (Oct 16)
- Re: Drupal XML Sitemap 6.x-1.1 XSS Vulnerability Justin Klein Keane (Oct 16)