drupal6-i18n
Page content
- Author: Miklos Vajna
- Vulnerable: 6.x_1.3-1locris1
- Unaffected: 6.x_1.4-1locris1
Some vulnerabilities have been reported in the Internationalization module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
- Certain input passed to translating blocks is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed.
- Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires “translate interface” or “administer blocks” permissions.
- Bug Tracker URL: http://bugs.frugalware.org/task/4134
CVEs:
- No CVE reference, see http://drupal.org/node/764998.