Description
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
Squid Improper Input Validation Vulnerability (CVE-2020-25097)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0307)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.31)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)
WordPress Plugin Email Subscribers & Newsletters Security Bypass (3.5.13)