Описание
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
Ссылки
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:reyero:i18n:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.0:dev:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:reyero:i18n:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
2.1 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
EPSS
Процентиль: 51%
0.00281
Низкий
2.1 Low
CVSS2
Дефекты
CWE-79