Description

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.

Remediation

References

CVE-2009-4370

Related Vulnerabilities

PleskLin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-24044)

Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27116)

WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5)

WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)

WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7)

Severity

Low

Classification

CVE-2009-4370 CWE-707

Tags

Missing Update Known Vulnerabilities