Skip to Content
 Русский Русский    English English   

 

XSS

Drupal 6.17 faq and faq search modules is containing XSS vulnerability

This code seemed suspicious for me when I was adding pager for FAQ 6.x-1.12 modules feature tho theese modules:

Faq.module,v 1.1.4.52.2.145 2010/10/29 :
function faq_view_question(&$data, $node, $path = NULL, $anchor = NULL) {
 $disable_node_links = variable_get('faq_disable_node_links', FALSE);
  $question = '';
  if ($disable_node_links) {
    if (empty($path) && empty($anchor)) {
      $question = check_plain($node->title);
    }
    elseif (empty($path)) {