Candidate: CVE-2009-4370
PublicDate: 2009-12-21 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4370
Description:
 Cross-site scripting (XSS) vulnerability in the Menu module
 (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote
 authenticated users with permissions to create new menus to inject
 arbitrary web script or HTML via a menu description, which is not properly
 handled in the menu administration overview.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.edge.launchpad.net/ubuntu/+source/drupal6/+bug/510421
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_drupal6:
upstream_drupal6: released (6.15)
dapper_drupal6: DNE
hardy_drupal6: DNE
intrepid_drupal6: DNE
jaunty_drupal6: released (6.10-1ubuntu0.2)
karmic_drupal6: released (6.12-1.1ubuntu1.1)
devel_drupal6: not-affected (6.15-1)