Bug 1014969 (CVE-2013-5964)

Summary: CVE-2013-5964 drupal: flag-module: XSS vulnerability.
Product: [Other] Security Response Reporter: Ratul Gupta <ratulg>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ansilva, ccoleman, dmcphers, gmollett, jialiu, lmeyer, peter.borsa, shawn, tkramer
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-08 05:51:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1014975    

Description Ratul Gupta 2013-10-03 08:52:57 UTC 
Drupal was found to have a XSS vulnerability in the flag module. It is reported that the core package isn't affected, just when the flag module is installed, this can be exploited.

It was found that the flag module allowed creation of customizable flags on entitites. The module doesn't properly sanitize the name of the flag on the main flag admin page, which could allow a malicious user to embed scripts within the page, leading to XSS vulnerability. The attacker must have the "Administer Flags" permission to be able to exploit this vulnerability.

References: 
http://seclists.org/fulldisclosure/2013/Aug/287
https://drupal.org/node/2076221
http://osvdb.org/96750
Comment 1 Garth Mollett 2013-10-08 05:51:40 UTC 
The vulnerable code does not look to exist in the 6.x version of this
module.