Описание
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Locale module and dependent contributed modules in Drupal 6.x before 6 ...
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
EPSS
4.8 Medium
CVSS3
3.5 Low
CVSS2