3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.7%
CVE: CVE-2012-1624
This module enables you to translate a website’s content using tools provided by the Lingotek Collaborative Translation Network.
The module doesn’t sufficiently sanitize user input when creating or editing page content. This allows a malicious content editor to potentially input malicious code (e.g. Javascript) to create a persistent Cross Site Scripting (XSS) attack.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to edit or create node content types.
Drupal core is not affected. If you do not use the contributed Lingotek Collaborative Translation module, there is nothing you need to do.
Install the latest version:
See also the Lingotek Collaborative Translation project page.