Cross Site Scripting

When a Security Vulnerability is Just a Bug - Drupal Content Access XSS

If you pay close attention you may have noticed a recent disclosure of an XSS vulnerability in the Content Access module.

This report comes from a system administrator and security researcher at a fine university and contains a section titled Vendor Response:

Drupal security [team] was notified of this vulnerability on 5/19/2009. Vendor
has declined to issue an official security announcement due to the
restricted access rights required to carry out the proof of concept
exploit. Vendor has filed a bug with the module maintainer at
http://drupal.org/node/472494.

Syndicate content