Drupal Cool aid 6.x-1.4, Drupal Cool aid 6.x-1.3, Drupal Cool aid 6.x-1.2, Drupal Cool aid 6.x-1.1, Drupal Cool aid 6.x-1.0
Not Vulnerable:
Drupal Cool aid 6.x-1.9, Drupal Cool aid 6.x-1.8, Drupal Cool aid 6.x-1.7, Drupal Cool aid 6.x-1.6
Security Discussion
The Cool aid module for Drupal is prone to a cross-site scripting vulnerability and a security-bypass vulnerability.
An attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials.
Attackers can exploit the security-bypass issue to bypass security restrictions, obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Other attacks are also possible.
Cool aid 6.x-1.x versions prior to 6.x-1.6 are vulnerable.
Proof of Concept and Security Exploits
Attackers can use a browser to exploit the security-bypass issue. To exploit the cross-site scripting vulnerability, attackers must trick an unsuspecting victim into following a malicious URI.
Security Solution(s)
Solution: Updates are available. Please see the references for details.