Access Control: Drupal Avatar Uploader - Cross-Site Scripting¶
Identifier:
drupal_avatar_xss
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Drupal Avatar Uploader v7.x-1.0-beta8 plugin contains cross-site scripting vulnerabilities in the slider import search feature and tab parameter, allowing attackers to execute arbitrary scripts.
How we test: We test for XSS vulnerabilities in Drupal Avatar Uploader by injecting malicious payloads into plugin settings parameters and analyzing responses to detect if scripts are executed in the browser.
Reference:
- https://www.exploit-db.com/exploits/50841
- https://packetstormsecurity.com/files/166409/Drupal-Avatar-Upload-7.x-1.0-beta8-Cross-Site-Scripting.html
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.