Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x prior to 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 6.11 |
||
drupal drupal 6.7 |
||
drupal drupal 6.8 |
||
drupal drupal 6.0 |
||
drupal drupal 6.3 |
||
drupal drupal 6.6 |
||
drupal drupal 6.2 |
||
drupal drupal 6.1 |
||
drupal drupal 6.5 |
||
drupal drupal 6.10 |
||
drupal drupal 6.9 |
||
drupal drupal 6.13 |
||
drupal drupal 6.14 |
||
drupal drupal 6.12 |
||
drupal drupal 6.4 |