Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal 'locale.module' 跨站脚本攻击漏洞
Vulnerability Description
Drupal是一个自由和开源的模块化框架和内容管理系统,用PHP语言写成。Drupal Core 6.14版本以及包括6.15的可能的其他版本中的现场模块(modules/locale/locale.module)存在跨站脚本漏洞,具有管理语言许可的远程验证用户可以借助(1)英文语言名称或(2)Custom语言形式中的本机语言名称字段,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A