CVE-2009-4370

Name: CVE-2009-4370
Description: Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 562165

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
drupal5 | source | (unstable) | 5.21-1 | | |
drupal6 | source | lenny | 6.6-3lenny4 | | |
drupal6 | source | (unstable) | 6.15-1 | low | | 562165

Notes

[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
