Description

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.

Remediation

References

CVE-2009-4371

Related Vulnerabilities

WordPress Plugin WordPress File Upload Cross-Site Scripting (4.3.3)

WordPress Plugin Embed PDF Cross-Site Scripting (1.0.6)

SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)

Oracle JRE CVE-2013-0435 Vulnerability (CVE-2013-0435)

WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (6.4.2)

Severity

Low

Classification

CVE-2009-4371 CWE-707

Tags

Missing Update Known Vulnerabilities