CVE-2010-2030

Vulnerability

The External Link Page module for Drupal provides a content filter that redirects external links to a customizable informational page before leaving the site. Versions 5.x prior to 5.x-1.0 and 6.x prior to 6.x-1.2 do not sanitize data entered on the administration page before displaying it on the redirect page, leading to a cross-site scripting (XSS) vulnerability [1]. This allows injection of arbitrary web script or HTML into the redirect page content.

Exploitation

An attacker with access to the administration interface (e.g., a user with permission to configure the External Link Page module) can input malicious script or HTML into the unsanitized fields. When a visitor follows an external link that triggers the module's redirect page, the injected payload is executed in the visitor's browser [1]. The attack is remote and does not require any special user interaction beyond clicking a crafted link.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session on the Drupal site. This can lead to session hijacking, defacement, or privilege escalation up to full administrative access [1]. The impact is critical as it affects any visitor who encounters the redirect page containing the malicious payload.

Mitigation

Fixed versions are 5.x-1.0 for Drupal 5.x and 6.x-1.2 for Drupal 6.x [1]. Users should upgrade immediately to these versions. No workaround is provided for unpatched installations. Drupal core itself is not affected; only sites using the contributed External Link Page module are vulnerable.