Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2009-4370

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.

  • Published: Dec 21, 2009
  • Updated: Nov 9, 2025
  • CVE: CVE-2009-4370
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Composer icon drupal / drupal 6.0-beta2 6.0-beta2.x
Composer icon drupal / drupal 6.2 6.2.x
Composer icon drupal / drupal 6.14 6.14.x
Composer icon drupal / drupal 6.13 6.13.x
Composer icon drupal / drupal 6.0-beta4 6.0-beta4.x
Composer icon drupal / drupal 6.12 6.12.x
Composer icon drupal / drupal 6.0-rc-2 6.0-rc-2.x
Composer icon drupal / drupal 6.4 6.4.x
Composer icon drupal / drupal 6.11 6.11.x
Composer icon drupal / drupal 6.0-beta1 6.0-beta1.x
Composer icon drupal / drupal 6.0-rc-1 6.0-rc-1.x
Composer icon drupal / drupal 6.0-rc-3 6.0-rc-3.x
Composer icon drupal / drupal 6.7 6.7.x
Composer icon drupal / drupal 6.8 6.8.x
Composer icon drupal / drupal 6.1 6.1.x
Composer icon drupal / drupal 6.5 6.5.x
Composer icon drupal / drupal 6.10 6.10.x
Composer icon drupal / drupal 6.6 6.6.x
Composer icon drupal / drupal 6.0 6.0.x
Composer icon drupal / drupal 6.0-rc-4 6.0-rc-4.x
Composer icon drupal / drupal 6.0-beta3 6.0-beta3.x
Composer icon drupal / drupal 6.3 6.3.x
Composer icon drupal / drupal 6.9 6.9.x