SA-CONTRIB-2012-023 - FAQ - Cross Site Scripting
23/02/2012
Advisory ID: DRUPAL-SA-CONTRIB-2012-023
Project: Frequently Asked Questions (third-party module)
Version: 6.x
Date: 2012-February-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting
Description
The Frequently Asked Questions (faq) module allows users with the appropriate permissions to create question-and-answer pairs, which are displayed on the 'faq' page and in the random and recent FAQ blocks. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability....
