Bug 435814 (CVE-2008-1131) - CVE-2008-1131,CVE-2008-1133 drupal new release fixes XSS issue
Summary: CVE-2008-1131,CVE-2008-1133 drupal new release fixes XSS issue
Keywords:
Status: CLOSED RAWHIDE
Alias: CVE-2008-1131
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://drupal.org/node/227608
Whiteboard:
Depends On: 435815 435816 435817
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-03 23:20 UTC by Lubomir Kundrak
Modified: 2008-03-05 16:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-04 01:44:43 UTC
Embargoed:

Attachments (Terms of Use)

Description Lubomir Kundrak 2008-03-03 23:20:25 UTC 
Titles are not escaped prior to being displayed on content edit forms, allowing
users to inject arbitrary HTML and script code into these pages.

The Drupal.checkPlain function, used to escape text in ECMAScript, contains a
bug which causes it to escape only the first instance of a character, allowing
users to inject arbitrary HTML and script code in certain pages.

http://drupal.org/node/227608
Comment 2 Lubomir Kundrak 2008-03-03 23:23:19 UTC 
CVE name requested for this.
Comment 3 Gwyn Ciesla 2008-03-04 01:44:43 UTC 
SA-2008-018 addressed in rawhide by 6.1, not present in 5.x branch for F-7 and F-8.
Comment 4 Lubomir Kundrak 2008-03-04 12:17:49 UTC 
Jon: Thanks!
Comment 5 Tomas Hoger 2008-03-04 14:03:09 UTC 
CVE-2008-1131:

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote
authenticated users to inject arbitrary web script or HTML via titles
in content edit forms.
Comment 6 Tomas Hoger 2008-03-05 16:25:26 UTC 
CVE-2008-1133:

The Drupal.checkPlain function in Drupal 6.0 only escapes the first
instance of a character in ECMAScript, which allows remote attackers
to conduct cross-site scripting (XSS) attacks.
Note You need to log in before you can comment on or make changes to this bug.