Description
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2020-7061)
PHP Other Vulnerability (CVE-2007-1378)
MySQL 7PK - Security Features Vulnerability (CVE-2016-2047)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8114)
OpenSSL 7PK - Security Features Vulnerability (CVE-2015-1793)