CVE-2009-1344

Description

Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

Affected products

• Drupal / localization_client5.x-1.0 – 5.x-1.0
• Drupal / localization_client5.x-1.1 – 5.x-1.1
• Drupal / localization_client5.x-1.xdev – 5.x-1.xdev
• Drupal / localization_client6.x-1.0 – 6.x-1.0
• Drupal / localization_client6.x-1.1 – 6.x-1.1
• Drupal / localization_client6.x-1.2 – 6.x-1.2
• Drupal / localization_client6.x-1.3 – 6.x-1.3
• Drupal / localization_client6.x-1.4 – 6.x-1.4
• Drupal / localization_client6.x-1.5 – 6.x-1.5
• Drupal / localization_client6.x-1.6 – 6.x-1.6
• Drupal / localization_client6.x-1.xdev – 6.x-1.xdev

References

• MISChttp://osvdb.org/53703
• MISChttp://www.securityfocus.com/bid/34546
• MISChttp://drupal.org/node/434682
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1060
• VENDOR_ADVISORYhttp://secunia.com/advisories/34718