Alexander Hass: >> Sections Module >> 6.x-1.x-dev Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
CVSS Score
3.5
EPSS Score
0.006
Published
2009-12-28