Description
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-5440 Vulnerability (CVE-2016-5440)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.0.2)
Joomla Inadequate Encryption Strength Vulnerability (CVE-2011-3629)
Dot CMS Other Vulnerability (CVE-2022-26352)
WordPress Plugin Captain Slider Cross-Site Scripting (1.0.6)