Описание
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.15-1 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 6.10-1ubuntu0.2 |
| karmic | released | 6.12-1.1ubuntu1.1 |
| upstream | released | 6.15 |
Показывать по
Ссылки на источники
3.5 Low
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
Cross-site scripting (XSS) vulnerability in the Menu module (modules/m ...
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
3.5 Low
CVSS2