Description
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy FancyBox Cross-Site Scripting (1.8.17)
WordPress Plugin Wise Agent Lead Capture Forms Cross-Site Scripting (1.0)
WordPress Plugin wpForo Forum Open Redirect (1.9.6)
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35543)
WordPress Plugin Easy Custom Sidebars Unspecified Vulnerability (1.0.1)