| source |
Version/Dependency |
Developer Link |
Severity |
|---|---|---|---|
| drupal.org/node/1401580 |
6.x-2.x versions prior to 6.x-2.8. 6.x-3.x versions prior to 6.x-3.1 |
drupal.org/project/vote_up_down |
Moderately Critical |
Summary:
In the Vote up/down module the vud_term sub-module doesn't sufficiently sanitize thus making it vulnerable to a Cross-Site Scripting Attack.
Please see SOURCE for full details on mitigation tactics.
What do I do to fix this?
For the 6.x-2.x version of Vote up/down module for Drupal 6.x, upgrade to Vote up/down 6.x-2.8.
For the 6.x-3.x version of Vote up/down module for Drupal 6.x, upgrade to Vote up/down 6.x-3.1.
Reported by: Greg Knaddison