CVE-2009-4371

Name: CVE-2009-4371
Description: Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 562165

The information below is based on the following data on fixed versions.

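| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| drupal5 | source | (unstable) | 5.21-1 | | | |
| drupal6 | source | lenny | 6.6-3lenny4 | | | |
| drupal6 | source | (unstable) | 6.15-1 | low | | 562165 |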

Notes

[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
