Skype Status - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-076

* Advisory ID: DRUPAL-SA-CONTRIB-2017-076
* Project: Skype Status
* Version: 7.x
* Date: 2017-September-20
* Security risk: 14/25 ( Moderately Critical)
* Vulnerability: Cross Site Scripting

DESCRIPTION

This module enables you to obtain the status for a user's Skype account

The module doesn't sufficiently sanitize the user input for their Skype ID.

This vulnerability is mitigated by the fact that an attacker must have an
account on the site and be allowed to edit/input their Skype ID.

VERSIONS AFFECTED

* Skype Status (skype_status) 7.x-2.x versions prior to 7.x-1.2.

Drupal core is not affected. If you do not use the contributed Skype Status module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the Skype Status (skype_status) module for Drupal 7.x, upgrade
to Skype Status (skype_status) 7.x-1.2.

Also see the Skype Status project page: https://www.drupal.org/project/skype_status

Add new comment