8 matches found
CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting XSS attack. This vulnerability is mitigat...
CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting XSS attack. This vulnerability is mitigat...
CVE-2012-2065
Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2065
Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4371
Cross-site scripting XSS vulnerability in the Locale module modules/locale/locale.module in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the 1 Language name in...
CVE-2009-4371
Cross-site scripting XSS vulnerability in the Locale module modules/locale/locale.module in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the 1 Language name in...
Cross site scripting
Cross-site scripting XSS vulnerability in the Locale module modules/locale/locale.module in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the 1 Language name in...
Drupal 6.x Core XSS
The full text of this advisory can be found at http://www.madirish.net/?article=442 Description of Vulnerability: - - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL that provides extensibility through various third party...