Description

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.

Remediation

References

CVE-2009-4370

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8140)

WebLogic CVE-2022-21560 Vulnerability (CVE-2022-21560)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43707)

MODX Improper Certificate Validation Vulnerability (CVE-2017-7322)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

Severity

Low

Classification

CVE-2009-4370 CWE-707

Tags

Missing Update Known Vulnerabilities