Total vulnerabilities in the database
Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.
| Software | From | Fixed in |
|---|---|---|
| drupal / drupal | 6.0-beta2 | 6.0-beta2.x |
| drupal / drupal | 6.2 | 6.2.x |
| drupal / drupal | 6.14 | 6.14.x |
| drupal / drupal | 6.13 | 6.13.x |
| drupal / drupal | 6.0-beta4 | 6.0-beta4.x |
| drupal / drupal | 6.12 | 6.12.x |
| drupal / drupal | 6.0-rc-2 | 6.0-rc-2.x |
| drupal / drupal | 6.4 | 6.4.x |
| drupal / drupal | 6.11 | 6.11.x |
| drupal / drupal | 6.0-beta1 | 6.0-beta1.x |
| drupal / drupal | 6.0-rc-1 | 6.0-rc-1.x |
| drupal / drupal | 6.0-rc-3 | 6.0-rc-3.x |
| drupal / drupal | 6.7 | 6.7.x |
| drupal / drupal | 6.8 | 6.8.x |
| drupal / drupal | 6.1 | 6.1.x |
| drupal / drupal | 6.5 | 6.5.x |
| drupal / drupal | 6.10 | 6.10.x |
| drupal / drupal | 6.6 | 6.6.x |
| drupal / drupal | 6.0 | 6.0.x |
| drupal / drupal | 6.0-rc-4 | 6.0-rc-4.x |
| drupal / drupal | 6.0-beta3 | 6.0-beta3.x |
| drupal / drupal | 6.3 | 6.3.x |
| drupal / drupal | 6.9 | 6.9.x |