Site Verify - Moderately Critical - Cross Site Scripting

* Advisory ID: DRUPAL-SA-CONTRIB-2017-051
* Project: Site verification (third-party module)
* Version: 7.x
* Date: 2017-May-24
* Security risk: 14/25 ( Moderately Critical)
* Vulnerability: Multiple vulnerabilities


The Site Verify module enables privilege users to verify a site with services
like Google Webmaster Tools using meta tags or file uploads.

The module doesn't sufficiently sanitize input or restrict uploads.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer site verify".


* Site Verify 7.x-1.x versions prior to 7.x-1.2.

Drupal core is not affected. If you do not use the contributed Site
verification module, there is nothing you need to do.


Install the latest version:

* If you use the Site Verify module for Drupal 7.x, upgrade to Site Verify

Also see the Site verification project page:

Add new comment