Description
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
Remediation
References
Related Vulnerabilities
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2021-28165)
WordPress Plugin Cms Pack TimThumb Arbitrary File Upload (1.3)
WordPress Plugin Widget Control Powered By Everyblock Cross-Site Scripting (1.0.1)
Ampache Other Vulnerability (CVE-2006-5668)
Python Uncontrolled Resource Consumption Vulnerability (CVE-2012-0876)