2 matches found
CVE-2009-3156
Cross-site scripting XSS vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field...
CVE-2009-3156
CVE-2009-3156 : XSS in the Drupal Date module Date Tools sub-module (Drupal 6.x before 6.x-2.3). The vulnerability allows remote authenticated users with either the use date tools or administer content types privileges to inject arbitrary script/HTML via the Content type label field. The issue is...