Back to search
CVE-2011-0771
Published: Feb 4, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
janrain-unspecified-xss(64847)
vdb-entry
x_refsource_XF
janrain-file-upload(64848)
vdb-entry
x_refsource_XF
http://drupal.org/node/1033154
x_refsource_CONFIRM
45926
vdb-entry
x_refsource_BID
42980
third-party-advisory
x_refsource_SECUNIA
70623
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now