Description

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.

Remediation

References

CVE-2009-4371

Related Vulnerabilities

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

Sqlite CVE-2015-5895 Vulnerability (CVE-2015-5895)

Magento Cacheleak

Internet Information Services Other Vulnerability (CVE-2002-0150)

Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007)

Severity

Low

Classification

CVE-2009-4371 CWE-707

Tags

Missing Update Known Vulnerabilities