Access Control: Drupal Avatar Uploader - Cross-Site Scripting¶

Identifier: drupal_avatar_xss

Scanner(s) Support¶

Description¶

Drupal Avatar Uploader v7.x-1.0-beta8 plugin contains a cross-site scripting vulnerability in the slider import search feature and tab parameter via plugin settings.

Reference:

• https://www.exploit-db.com/exploits/50841
• https://packetstormsecurity.com/files/166409/Drupal-Avatar-Upload-7.x-1.0-beta8-Cross-Site-Scripting.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  drupal_avatar_xss:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.