Drupal Maestro Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities

The Maestro module for Drupal is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability.

An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.

The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Versions prior to Maestro 7.x-1.2 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus