Description
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-5624 Vulnerability (CVE-2016-5624)
MySQL CVE-2014-2444 Vulnerability (CVE-2014-2444)
WordPress Plugin Eventify-Simple Events 'fetcheventdetails.php' SQL Injection (1.7.f)
Oracle JRE CVE-2013-2436 Vulnerability (CVE-2013-2436)
phpMyFAQ Business Logic Errors Vulnerability (CVE-2023-1887)