Site Verify - Moderately Critical - Cross Site Scripting

* Advisory ID: DRUPAL-SA-CONTRIB-2017-051
* Project: Site verification (third-party module)
* Version: 7.x
* Date: 2017-May-24
* Security risk: 14/25 ( Moderately Critical)
* Vulnerability: Multiple vulnerabilities

DESCRIPTION

The Site Verify module enables privilege users to verify a site with services
like Google Webmaster Tools using meta tags or file uploads.

The module doesn't sufficiently sanitize input or restrict uploads.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer site verify".

VERSIONS AFFECTED

* Site Verify 7.x-1.x versions prior to 7.x-1.2.

Drupal core is not affected. If you do not use the contributed Site
verification module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the Site Verify module for Drupal 7.x, upgrade to Site Verify
7.1-1.2

Also see the Site verification project page: https://www.drupal.org/project/site_verify

Add new comment