VYPR
Unrated severity · NVD Advisory · Published Sep 9, 2009 · Updated Apr 23, 2026

CVE-2009-3121

Description

Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) in Drupal Ajax Table module 5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

The Ajax Table module for Drupal 5.x lacks proper escaping of certain user-supplied values [1]. This allows remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary HTML and script content into pages [1]. The exact vectors are unspecified in the advisory, but the module is used to create AJAX-refreshable tables via parameters [1].

Exploitation

An attacker can exploit this vulnerability by providing malicious input to the module's parameters [1]. No authentication is required as the module is accessible remotely [1]. The advisory notes that the module also suffers from access bypass, but the XSS specifically requires only the ability to submit crafted input [1].

Impact

Successful exploitation allows the attacker to inject arbitrary web script or HTML, which can lead to session hijacking, defacement, or even administrative access if an administrator views the malicious page [1].

Mitigation

As of the advisory date (2009-Aug-26), there is no solution available [1]. The recommended action is to disable the Ajax Table module and remove it from the server [1]. Drupal core is not affected [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

6
