Description

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

Remediation

References

CVE-2009-3156

Related Vulnerabilities

WordPress Plugin Mobile blocks Security Bypass (1.0)

MySQL Other Vulnerability (CVE-2010-3840)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.2.1)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37247)

WordPress Plugin Shortcode Ninja Cross-Site Scripting (1.4)

Severity

Low

Classification

CVE-2009-3156 CWE-707

Tags

Missing Update Known Vulnerabilities