Severity Rating: High
Software Affected
● Internationalization (i18n) module for Drupal 7.x
Overview
A vulnerability has been reported in Drupal, which could be exploited by a
remote attacker to exploit a Cross Site Scripting (XSS) vulnerability.
Description
The vulnerability exists in Drupal because a value in term translation
module is displayed without being escaped making a Cross Site Scripting
(XSS) possible. The attacker must have a role with permission "Edit terms
in" on a taxonomy vocabulary with i18n term translation enabled in order
to exploit the vulnerability.
Successful exploitation of this vulnerability could allow the attacker to
exploit the Cross Site Scripting (XSS) vulnerability to execute an
unauthorised script.
Solution
Apply appropriate patches as mentioned on Drupal website:
Vendor Information
Drupal
References
Drupal
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.